Processed: tagging 692852
Processing commands for cont...@bugs.debian.org: tags 692852 + sid Bug #692852 [dolfin] dolfin: Avoid hardcoding the swig2.0 version Added tag(s) sid. thanks Stopping processing here. Please contact me if you need assistance. -- 692852: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692852 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692852: dolfin: Avoid hardcoding the swig2.0 version
Hi, On Wed, Dec 05, 2012 at 07:17:30PM +0100, gregor herrmann wrote: On Wed, 05 Dec 2012 13:20:48 +0100, Ralf Treinen wrote: This has now made python-dolphin not installable in sid since the version of swig in sid has passed to 2.0.8-1 on 2012-10-31. However, python-dolphin still depends on swig2.0 (= 2.0.7), swig2.0 ( 2.0.8~). Hence raising severity to serious. Ack. But rebuilding it in sid now with the proposed patch would make it uninstallable in wheezy, which still has swig2.0 2.0.7. I guess we should tag this bug 'sid' for the time being? I agree, this bug only applies to sid. Setting the sid tag now. IMHO swig 2.0.8 shouldn't have been uploaded to sid during the freeze in the first place. Now that the damage is done I do not see why the bug in dolfin shouldn't be fixed in sid. I didn't look at the patch yet but if it fills into the binary package a dependency on a sepcific version of swig then the package won't migrate to wheezy anyway. -Ralf. -- Ralf Treinen Laboratoire Preuves, Programmes et Systèmes Université Paris Diderot, Paris, France. http://www.pps.univ-paris-diderot.fr/~treinen/ = New email address: trei...@pps.univ-paris-diderot.fr = -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695254: clementine does not start
Package: clementine Version: 1.0.1+dfsg-2+b1 Severity: grave Justification: renders package unusable Dear Maintainer, After d-u clementine isn't usable anymore, and I have a segmentation fault from Konsole. Thanks for your help. *** End of the template - remove these lines *** -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.6-8.slh.3-aptosid-amd64 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages clementine depends on: ii gstreamer0.10-plugins-base 0.10.36-1.1 ii gstreamer0.10-plugins-good 0.10.31-3+nmu1 ii gstreamer0.10-plugins-ugly 0.10.19-2+b2 ii libc62.13-37 ii libcdio130.83-4 ii libchromaprint0 0.6-2 ii libechonest1.2 1.2.1-1 ii libgcc1 1:4.7.2-4 ii libgdk-pixbuf2.0-0 2.26.1-1 ii libglib2.0-0 2.33.12+really2.32.4-3 ii libgpod4 0.8.2-7 ii libgstreamer-plugins-base0.10-0 0.10.36-1.1 ii libgstreamer0.10-0 0.10.36-1 ii libimobiledevice21.1.1-4 ii libindicate-qt1 0.2.5.91-5 ii liblastfm0 0.4.0~git20090710-2 ii libmtp9 1.1.3-35-g0ece104-4 ii libplist11.8-1 ii libprojectm2 2.1.0+dfsg-1 ii libqjson00.7.1-7 ii libqt4-dbus 4:4.8.2+dfsg-4 ii libqt4-network 4:4.8.2+dfsg-4 ii libqt4-opengl4:4.8.2+dfsg-4 ii libqt4-sql 4:4.8.2+dfsg-4 ii libqt4-sql-sqlite4:4.8.2+dfsg-4 ii libqt4-xml 4:4.8.2+dfsg-4 ii libqtcore4 4:4.8.2+dfsg-4 ii libqtgui44:4.8.2+dfsg-4 ii libqxt-gui0 0.6.1-7 ii libstdc++6 4.7.2-4 ii libtag1c2a 1.8-dmo1 ii libusb-1.0-0 2:1.0.12-2 ii libusbmuxd1 1.0.7-2 ii libx11-6 2:1.5.0-1 ii libxml2 2.8.0+dfsg1-7 ii projectm-data2.1.0+dfsg-1 ii zlib1g 1:1.2.7.dfsg-13 Versions of packages clementine recommends: ii gstreamer0.10-alsa0.10.36-1.1 ii gstreamer0.10-pulseaudio 0.10.31-3+nmu1 clementine suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694998: [Pkg-mediawiki-devel] Bug#694998: mediawiki: CVE-2012-5391 CVE-2012-5395
Hi, sorry, I’m too tied up in other work that keeps popping up to check the new version if it’s ready for uploading in a timely manner. Just saying. If nobody pops up, I’ll do it eventually, of course, but it’s not on the top of my stack, so *if* someone else wants to help, be our guest. (Plus, uploads don’t work at the moment anyway…) bye, //mirabilos -- tarent solutions GmbH Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/ Tel: +49 228 54881-393 • Fax: +49 228 54881-314 HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941 Geschäftsführer: Boris Esser, Sebastian Mancke -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#644121: current status of #644121?
On Sun, 02 Oct 2011 18:59:46 -0700 Ian Zimmerman i...@buug.org wrote: This resulted in all my local configuration in /etc/dovecot/ being trashed, and overwritten with the shipped dovecot-core versions. Ian, neither Helmut nor Lisandro could reproduce the bug report you submitted. Can you provide any further instructions? I am inclined to close this bugreport and intend to do so if you don’t reply or cannot provide anything new that would allow us to move forward. You could always re-open or open another one in case you can reproduce it. -- Best regards, Michael -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593141: Bug#653582: ruby-hpricot: FTBFS on ia64: ruby crashes while running tests
On Mon, 16 Jan 2012 21:20:07 +0100 Lucas Nussbaum lu...@debian.org wrote: Dear release team, at some point before the wheezy release, we need to decide what to do with Ruby 1.9.X on ia64. It has been broken for months, and hasn't seen any activity in Debian (#539141) or upstream (http://bugs.ruby-lang.org/issues/5246). I think that removing it (with all its rev-depends) makes more sense than shipping a known-broken Ruby. To recap: ruby1.9.1 on ia64 is broken, neglected and lucas as one of its maintainers agrees to remove it on ia64. Dear release team: How do we move this forward? Should I follow http://wiki.debian.org/ftpmaster_Removals? -- Best regards, Michael -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692753: Balazar dies soon...
On Tue, Dec 04, 2012 at 08:21:56PM +0100, Tobias Hansen wrote: My impression after a short test of the game is that it is quite buggy also without this bug. Yeah, just look at the list of bugs in our BTS. The bug that requires disabling sound is enough for me, and it's not the only one. The game itself looks like that kind of games that make people laugh at Linux games as a whole so I would be glad if it was removed from everywhere but it's just my opinion. -- WBR, wRAR signature.asc Description: Digital signature
Processed: block 694846 with 677721
Processing commands for cont...@bugs.debian.org: block 694846 with 677721 Bug #694846 [dicomscope] dicomscope: Exception in thread main java.lang.UnsatisfiedLinkError 694846 was not blocked by any bugs. 694846 was not blocking any bugs. Added blocking bug(s) of 694846: 677721 thanks Stopping processing here. Please contact me if you need assistance. -- 694846: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694846 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: unarchiving 664895, reopening 664895
Processing commands for cont...@bugs.debian.org: unarchive 664895 Bug #664895 {Done: Thijs Kinkhorst th...@debian.org} [squirrelmail] squirrelmail: completely broken with PHP 5.4 Unarchived Bug 664895 reopen 664895 Bug #664895 {Done: Thijs Kinkhorst th...@debian.org} [squirrelmail] squirrelmail: completely broken with PHP 5.4 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to re-add them. Bug reopened No longer marked as fixed in versions squirrelmail/2:1.4.23~svn20120406-1. thanks Stopping processing here. Please contact me if you need assistance. -- 664895: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664895 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#591969: Bug#695158: Bug#591969: Bug#695158: wheezy-ignore tag for RC bug #591969 in typo3-src
tags 591969 + wheezy-ignore thanks On Wed, Dec 05, 2012 at 03:56:11PM +0100, Christian Welzel wrote: Am 05.12.2012 13:07, schrieb Neil McGovern: Can someone explain: 1) Why there were no updates to the bug between December 2010 and June 2012? The bug could not be resolved, so i didnt see any reason to update it. Work was going on in the background to fix this (libjs-swfobject, libjs-swfupload and swftools are my packages to get this one resolved). Take a look into the changelog for exact dates of introduction. In general, it's a good idea to update bugs with progress, especially RC ones. Otherwise, people may assume that nothing is being done and would be able to 0-day NMU it. 2) What action is being taken to resolve the unbuildability of the AS1 SWFs? Nothing. There is simply no open source AS1 compiler. 3) What action is being taken to resolve the bugs in as3compile (with bugrefs?) Nothing. as3compile simply lacks the support for some of the language constructs used in the code. So, it looks like this bug isn't going to get fixed :( 4) How likely it is that this bug will be fixed before jessie? I dont know. TYPO3 currently ships version 6.0, when jessi comes it will be surely 6.6+. 4.5 is outdated but a LTS version with support by upstream until 04-2014. TYPO3 6.0 introduced another big chunk of AS3 code (flowplayer) which surely cannot be build in main until flex-sdk hits the archive. I skipped packaging of 4.6 and 4.7 already because of not buildable flash files. Hrm. This doesn't quite cover the expected lifetime of Wheezy. 5) Why simply not removing the package would be a better idea? Perhaps this is the better choice, as most new TYPO3 projects will use 6.0 or newer. I think many of the currently running installations are 4.6 or 4.7, and only a minority is at 4.5 currently. It's a judgement call, but given the LTS promise from upstream, I'll add a wheezy-ignore tag to this. I'd like to be clear that this will not be repeated for Jessie, but hopefully 6.0 will be in the archive then and this bug can be closed. Neil -- signature.asc Description: Digital signature
Processed: Re: Bug#695158: Bug#591969: Bug#695158: wheezy-ignore tag for RC bug #591969 in typo3-src
Processing commands for cont...@bugs.debian.org: tags 591969 + wheezy-ignore Bug #591969 [src:typo3-src] typo3-src: does not build .swf files from source Added tag(s) wheezy-ignore. thanks Stopping processing here. Please contact me if you need assistance. -- 591969: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591969 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692650: marked as done (axis: CVE-2012-5784)
Your message dated Thu, 06 Dec 2012 11:47:56 + with message-id e1tgzvo-0001rk...@franck.debian.org and subject line Bug#692650: fixed in axis 1.4-16.1 has caused the Debian Bug report #692650, regarding axis: CVE-2012-5784 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 692650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692650 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: axis Severity: grave Tags: security Justification: user security hole CVE-2012-5784 has been assigned to Axis being affected by the issues described in this paper: http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf (See Section 8.1) Cheers, Moritz ---End Message--- ---BeginMessage--- Source: axis Source-Version: 1.4-16.1 We believe that the bug you reported is fixed in the latest version of axis, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 692...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Alberto Fernández Martínez inf...@gmail.com (supplier of updated axis package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 5 Dec 2012 17:28:00 +0100 Source: axis Binary: libaxis-java libaxis-java-doc Architecture: source all Version: 1.4-16.1 Distribution: unstable Urgency: low Maintainer: Debian Java Maintainers pkg-java-maintain...@lists.alioth.debian.org Changed-By: Alberto Fernández Martínez inf...@gmail.com Description: libaxis-java - SOAP implementation in Java libaxis-java-doc - SOAP implementation in Java (documentation) Closes: 692650 Changes: axis (1.4-16.1) unstable; urgency=low . * Non-maintainer upload. * Fix CVE-2012-5784 (Closes: #692650) Checksums-Sha1: 8e159512abc01815c3d20ddb431e294cc1986fb8 1602 axis_1.4-16.1.dsc f3206e0fb139fbf7e28662633f1ccb60417a2746 11894 axis_1.4-16.1.debian.tar.gz 6f22a687b8782e711d81971b67e39093237ed89f 1493966 libaxis-java_1.4-16.1_all.deb 659c7f3824cdec752d3b19c4388d2ce8477b79dc 2020892 libaxis-java-doc_1.4-16.1_all.deb Checksums-Sha256: 5b56fa34e478320dbe527a24c364f82389fe7a0fb0f2b23cf3a879a25363d453 1602 axis_1.4-16.1.dsc 85ad8499b327d4eb750b35e1461a71faf521e6bfdb5fd675fcc5230fd5fb1a25 11894 axis_1.4-16.1.debian.tar.gz 4aa9a2e546210d0b68a17e3bd86f5a2ce4a31c6db4fac5d9572a37d3c975be15 1493966 libaxis-java_1.4-16.1_all.deb 6519e20551c61458be7b8ed1e8b9bf728635ca87416b21cf15efa29225d6303b 2020892 libaxis-java-doc_1.4-16.1_all.deb Files: 69efbb01ca56ad9981e8598365f7bdb2 1602 java optional axis_1.4-16.1.dsc a2410ffc509dab87d8aef631ac07c110 11894 java optional axis_1.4-16.1.debian.tar.gz 17c015988107b2ab9cc0effde0156f65 1493966 java optional libaxis-java_1.4-16.1_all.deb 96d8325094d1c6f2ad4605bfcf3c98c5 2020892 doc optional libaxis-java-doc_1.4-16.1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlC/xQ0ACgkQYDBbMcCf01q0CACgiU2g86vDAXeE/DbMMUq7eApu OOwAn2lOnfPtI26rzxzV7lFBF/XFwAjL =pgND -END PGP SIGNATUREEnd Message---
Bug#695192: marked as done (bind9: CVE-2012-5688)
Your message dated Thu, 06 Dec 2012 11:49:09 + with message-id e1tgzwz-00034i...@franck.debian.org and subject line Bug#695192: fixed in bind9 1:9.9.2.dfsg.P1-1 has caused the Debian Bug report #695192, regarding bind9: CVE-2012-5688 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 695192: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695192 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: bind9 Severity: grave Tags: security Justification: user security hole Please see https://kb.isc.org/article/AA-00828 Stable is not affected. This needs to be fixed through testing-proposed-updates, since the testing and unstable packages have diverged and won't be updated that late in the freeze. Cheers, Moritz ---End Message--- ---BeginMessage--- Source: bind9 Source-Version: 1:9.9.2.dfsg.P1-1 We believe that the bug you reported is fixed in the latest version of bind9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 695...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. LaMont Jones lam...@debian.org (supplier of updated bind9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 05 Dec 2012 05:27:18 -0700 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns95 libisc92 liblwres90 libisccc90 libisccfg90 dnsutils lwresd Architecture: all amd64 i386 source Version: 1:9.9.2.dfsg.P1-1 Distribution: experimental Urgency: low Maintainer: LaMont Jones lam...@debian.org Changed-By: LaMont Jones lam...@debian.org Closes: 695192 Description: bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9 - Internet Domain Name Server bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind9-90 - BIND9 Shared Library used by BIND libbind-dev - Static Libraries and Headers used by BIND libdns95 - DNS Shared Library used by BIND libisc92 - ISC Shared Library used by BIND libisccc90 - Command Channel Library used by BIND libisccfg90 - Config File Handling Library used by BIND liblwres90 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Changes: bind9 (1:9.9.2.dfsg.P1-1) experimental; urgency=low . * Named could die on specific queries with dns64 enabled. [Addressed in change #3388 for BIND 9.8.5 and 9.9.3.] CVE-2012-5688 Closes: #695192 Checksums-Sha1: bb96defd3f1e1bb684c4fd95d0400a6b982b4480 1942 bind9_9.9.2.dfsg.P1-1.dsc cd3867f2efa11c21ac54b202c5c1961774ab9396 7410647 bind9_9.9.2.dfsg.P1.orig.tar.gz e62db70c2e11b9567166d9888698a60258040daf 594888 bind9_9.9.2.dfsg.P1-1.diff.gz 370b34a8fa0328709fe16963a569665d4173683d 374338 bind9-doc_9.9.2.dfsg.P1-1_all.deb 2ce2c0fdca4e3ed92f7981dd979bb6532888c96e 19866 host_9.9.2.dfsg.P1-1_all.deb 36ca41f7b82a0f639e9aca02501e54bef45ef03c 434922 bind9_9.9.2.dfsg.P1-1_amd64.deb ae7ab270fa583fe38545c68808c1644d42fee5c1 143870 bind9utils_9.9.2.dfsg.P1-1_amd64.deb fa7aaf37c6ee15786552fd35fd7f847f1d26fbac 72732 bind9-host_9.9.2.dfsg.P1-1_amd64.deb d76907993003245e3357557c1e511419cc4486fd 1604752 libbind-dev_9.9.2.dfsg.P1-1_amd64.deb eb1fb89dc6e7e5156d3578185d0766d8026dd14a 41752 libbind9-90_9.9.2.dfsg.P1-1_amd64.deb 48df172c5a5adf82718f287dccd3dd85efd31806 764242 libdns95_9.9.2.dfsg.P1-1_amd64.deb 72f24d687db07be560ff1ca08dd56ed2c2cff849 183826 libisc92_9.9.2.dfsg.P1-1_amd64.deb 3564c398d19a5d59e83515a5df40460f226706e0 54424 liblwres90_9.9.2.dfsg.P1-1_amd64.deb 9022d7c143338945c09c19a721819a7a41cc4239 35144 libisccc90_9.9.2.dfsg.P1-1_amd64.deb 0a45f1b676aa38dc612b54932a6da1c2d14db910 61964 libisccfg90_9.9.2.dfsg.P1-1_amd64.deb 24eb57b135e72b1847d787022e05db8e9f1793c7 166684 dnsutils_9.9.2.dfsg.P1-1_amd64.deb 5f215bc1d1f63a882453538a631449f1c7ff9efb 245274 lwresd_9.9.2.dfsg.P1-1_amd64.deb 69b18c02ad67c8bf2ff0da751c339b4fd4a4aceb 433656 bind9_9.9.2.dfsg.P1-1_i386.deb 6f4fb1a35049f4225982e279b0da806daab9624c 138870 bind9utils_9.9.2.dfsg.P1-1_i386.deb 13b1ef2bdd6777fd3db1526096ae052655626aa3 71334 bind9-host_9.9.2.dfsg.P1-1_i386.deb
Bug#694271: marked as done (freevo: missing Breaks+Replaces: freevo-doc ( 1.9.2b2))
Your message dated Thu, 06 Dec 2012 11:51:29 + with message-id e1tgzzf-0004ms...@franck.debian.org and subject line Bug#694271: fixed in freevo 1.9.2b2-4.1 has caused the Debian Bug report #694271, regarding freevo: missing Breaks+Replaces: freevo-doc ( 1.9.2b2) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694271 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: freevo Version: 1.9.2b2-4 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Architecture: amd64 Distribution: squeeze-wheezy (partial) upgrade Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: Selecting previously deselected package freevo-doc. (Reading database ... 6286 files and directories currently installed.) Unpacking freevo-doc (from .../freevo-doc_1.9.0-10_all.deb) ... Setting up freevo-doc (1.9.0-10) ... Selecting previously deselected package freevo. Unpacking freevo (from .../freevo_1.9.2b2-4_all.deb) ... dpkg: error processing /var/cache/apt/archives/freevo_1.9.2b2-4_all.deb (--unpack): trying to overwrite '/usr/share/doc/freevo/TODO', which is also in package freevo-doc 1.9.0-10 This is a serious bug as it makes installation/upgrade fail, and violates sections 7.6.1 and 10.1 of the policy. As this problem can be demonstrated during partial upgrades from squeeze to wheezy (but not within squeeze or wheezy itself), this indicates a missing or insufficiently versioned Replaces+Breaks relationship. But since this particular upgrade ordering is not forbidden by any dependency relationship, it is possible that apt (or $PACKAGE_MANAGER) will use this erroneus path on squeeze-wheezy upgrades. Here is a list of files that are known to be shared by both packages (according to the Contents files for squeeze and wheezy on amd64, which may be slightly out of sync): usr/share/doc/freevo/README usr/share/doc/freevo/TODO In 1.9.2b2-1 some documentation files were moved from freevo-doc to freevo, but no Breaks+Replaces were added. The following relationships are currently defined: Package: freevo Conflicts: n/a Breaks:n/a Replaces: n/a The following relationships should be added for a clean takeover of these files (http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces): Package: freevo Breaks: freevo-doc ( 1.9.2b2) Replaces: freevo-doc ( 1.9.2b2) Cheers, Andreas PS: for more information about the detection of file overwrite errors of this kind see http://edos.debian.net/file-overwrites/. freevo-doc=1.9.0-10_freevo=1.9.2b2-4.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: freevo Source-Version: 1.9.2b2-4.1 We believe that the bug you reported is fixed in the latest version of freevo, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sébastien Villemot sebast...@debian.org (supplier of updated freevo package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 03 Dec 2012 23:35:46 +0100 Source: freevo Binary: freevo python-freevo freevo-data freevo-lirc freevo-doc Architecture: source all Version: 1.9.2b2-4.1 Distribution: unstable Urgency: low Maintainer: Freevo Debian Dream Team pkg-freevo-ma...@lists.alioth.debian.org Changed-By: Sébastien Villemot sebast...@debian.org Description: freevo - home theater framework - binaries freevo-data - home theater framework - themes and data freevo-doc - home theater framework - documentation freevo-lirc - home theater framework - LIRC support python-freevo - home theater framework - Python modules Closes: 694271 Changes: freevo (1.9.2b2-4.1) unstable; urgency=low . * Non-maintainer upload. * Indicate that freevo Breaks+Replaces freevo-doc ( 1.9.2b2), since it took over two files (Closes: #694271) Checksums-Sha1: 24be0862eccb0cfe998b192e2e961a6b04f8d4f1 2242 freevo_1.9.2b2-4.1.dsc
Bug#694810: marked as done (plib: CVE-2012-4552)
Your message dated Thu, 06 Dec 2012 12:11:04 + with message-id e1tgaic-0007hr...@franck.debian.org and subject line Bug#694810: fixed in plib 1.8.5-6 has caused the Debian Bug report #694810, regarding plib: CVE-2012-4552 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694810: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694810 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: plib Severity: grave Tags: important http://www.openwall.com/lists/oss-security/2012/10/29/8 Please see the Red Hat bug for more details on the patch status: https://bugzilla.redhat.com/show_bug.cgi?id=871187 Cheers, Moritz ---End Message--- ---BeginMessage--- Source: plib Source-Version: 1.8.5-6 We believe that the bug you reported is fixed in the latest version of plib, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Stapelberg stapelb...@debian.org (supplier of updated plib package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 05 Dec 2012 17:36:58 +0100 Source: plib Binary: libplib1 libplib-dev Architecture: source amd64 Version: 1.8.5-6 Distribution: unstable Urgency: high Maintainer: Debian QA Group packa...@qa.debian.org Changed-By: Michael Stapelberg stapelb...@debian.org Description: libplib-dev - Portability Libraries: Development package libplib1 - Portability Libraries: Run-time package Closes: 694810 Changes: plib (1.8.5-6) unstable; urgency=high . * QA upload. * Apply patch to fix CVE-2012-4552 by Hans de Goede (Closes: #694810). Checksums-Sha1: eba778a72103516bda4c742c7448c2500976cc16 1936 plib_1.8.5-6.dsc b193b775fb2d95eb153ddd3ce5f9ae4d3806db84 10405 plib_1.8.5-6.diff.gz 66a21a7a96314a362fc897768e6c9907fae158a0 647384 libplib1_1.8.5-6_amd64.deb 6a9dec8483f3973133e1f41f87f78c8642b85eb8 939318 libplib-dev_1.8.5-6_amd64.deb Checksums-Sha256: 51a768fd319566dd5b3efacfe50d7f2ec3629e64e1358f83f0df61a424a324c6 1936 plib_1.8.5-6.dsc 5d7bafcb298e8a38563e597b4b4bce6ffe351103c7e051ae33ccf6bf274390ca 10405 plib_1.8.5-6.diff.gz 90e2e9ca9e072b17304766adb1edfebf82df6fbf0f60d9494341513ad6911fdd 647384 libplib1_1.8.5-6_amd64.deb d3423d2e6cc23bf2899035aae751ab0675860e11e46d1a65c36a7ae4e2a41b71 939318 libplib-dev_1.8.5-6_amd64.deb Files: 7c4d61be59cdc64725eed0e943341885 1936 devel extra plib_1.8.5-6.dsc af7620c1ca727405d386d13640bf8568 10405 devel extra plib_1.8.5-6.diff.gz db55f3efcb5f618fdee687923fc8a03d 647384 libs extra libplib1_1.8.5-6_amd64.deb b4930c351abe392bd5cc1e6771dcce75 939318 libdevel extra libplib-dev_1.8.5-6_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQv3nnAAoJEE5xYO1KyO4dq/sP/1lr5f/E/gyvpKofTAfh0tux er1Gzv/bkG8gLJ7P8twFviqr7Ri/8BBaiLhrcoosGa4Bnoi97E7dlWTfMkEnHGqK k4JeC3lAL/jInVJoOSelm0Zrw9qzH86YjF6KMCIombomNAiX6qaQlu4Y0vfFwerA q1tDehnip42XnLtBWEqQkilUBR0UuQ5CGcGpCGFtKcbQXE+RBO2PicKrwhZitaB3 ytYblVoVVgaIUgGX/6Ms7f7BBebiORTETZFqAqsQjVbjR7pDtcB+IOvB6Y9C0To2 ghUKwj8WaH0fNM5gZ4E8Zmv+mrU3RdUHP3OwChRQdGge8mDq1XwNdtV7yyP30sA8 GYgK57p08z3tUDyBUb2Dw+uFYRA5wy+gU/HTb25EkC4+vAloBMcvI0pzdiFdPwo4 P83LCmY2NiqXUZtnsC3hJyKCMGvGg395v8z2+awIZrX3J9dW0Co6kscBmOvoK4rC 8u4IRd/7yfqwaT82Onwj2WrtNFR5E4JtryoLM8UKqhE6T4uedjJMfkggtiQDXnCY YrXp4tIKinEbexRigsVCNZcoPBzqwlgbBCTbXv5Ep+W6fLpeoTwNq1CLmgFGbzQz 2a3/C/Xo101kWyDveCLiDtKNAyYty8XmceZLBfAiaNE9Mr/x7vVB8li4v933Y5LU MgEjbMoOh7UST48sJz+E =9mYS -END PGP SIGNATUREEnd Message---
Bug#694285: marked as done (proofgeneral-doc: missing Breaks+Replaces: proofgeneral ( 4))
Your message dated Thu, 06 Dec 2012 12:11:15 + with message-id e1tgain-0007p9...@franck.debian.org and subject line Bug#694285: fixed in proofgeneral 4.2~pre120605-2 has caused the Debian Bug report #694285, regarding proofgeneral-doc: missing Breaks+Replaces: proofgeneral ( 4) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694285: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694285 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: proofgeneral-doc Version: 4.2~pre120112-1 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Architecture: amd64 Distribution: squeeze-wheezy (partial) upgrade Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: Selecting previously deselected package proofgeneral. Unpacking proofgeneral (from .../proofgeneral_3.7-4_all.deb) ... Processing triggers for install-info ... Setting up proofgeneral (3.7-4) ... Installing proofgeneral startup files for Emacs Selecting previously deselected package proofgeneral-doc. Unpacking proofgeneral-doc (from .../proofgeneral-doc_4.2~pre120605-1_all.deb) ... dpkg: error processing /var/cache/apt/archives/proofgeneral-doc_4.2~pre120605-1_all.deb (--unpack): trying to overwrite '/usr/share/info/proofgeneral.info.gz', which is also in package proofgeneral 3.7-4 This is a serious bug as it makes installation/upgrade fail, and violates sections 7.6.1 and 10.1 of the policy. As this problem can be demonstrated during partial upgrades from squeeze to wheezy (but not within squeeze or wheezy itself), this indicates a missing or insufficiently versioned Replaces+Breaks relationship. But since this particular upgrade ordering is not forbidden by any dependency relationship, it is possible that apt (or $PACKAGE_MANAGER) will use this erroneus path on squeeze-wheezy upgrades. Here is a list of files that are known to be shared by both packages (according to the Contents files for squeeze and wheezy on amd64, which may be slightly out of sync): usr/share/info/proofgeneral.info.gz This file was moved to -doc with the new packaging: proofgeneral (4.2~pre120112-1) unstable; urgency=low * restart packaging from scratch (Closes: #626589) - only two binary packages: proofgeneral and proofgeneral-doc The following relationships are currently defined: Package: proofgeneral-doc Conflicts: n/a Breaks:n/a Replaces: n/a The following relationships should be added for a clean takeover of these files (http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces): Package: proofgeneral-doc Breaks: proofgeneral ( 4) Replaces: proofgeneral ( 4) Cheers, Andreas PS: for more information about the detection of file overwrite errors of this kind see http://edos.debian.net/file-overwrites/. proofgeneral=3.7-4_proofgeneral-doc=4.2~pre120605-1.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: proofgeneral Source-Version: 4.2~pre120605-2 We believe that the bug you reported is fixed in the latest version of proofgeneral, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hendrik Tews hend...@askra.de (supplier of updated proofgeneral package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 04 Dec 2012 14:50:27 +0100 Source: proofgeneral Binary: proofgeneral proofgeneral-doc Architecture: source all Version: 4.2~pre120605-2 Distribution: unstable Urgency: low Maintainer: Hendrik Tews hend...@askra.de Changed-By: Hendrik Tews hend...@askra.de Description: proofgeneral - generic frontend for proof assistants proofgeneral-doc - generic frontend for proof assistants - documentation Closes: 694285 Changes: proofgeneral (4.2~pre120605-2) unstable; urgency=low . * add Breaks and Replaces dependencies for proofgeneral-doc (Closes: #694285) * delete wrong info in README.Debian Checksums-Sha1: 68f674074d6b05c7e5074420a1d1e807a84f0b13 1962
Bug#551468: marked as done (xarchiver fails to open 7z archives)
Your message dated Thu, 06 Dec 2012 12:12:25 + with message-id e1tgajv-0008ac...@franck.debian.org and subject line Bug#665642: fixed in xarchiver 1:0.5.2+20090319+dfsg-4.1 has caused the Debian Bug report #665642, regarding xarchiver fails to open 7z archives to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 665642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665642 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: xarchiver Version: 1:0.5.2+20090319+dfsg-4 When I open a .7z with xarchiver, it aborts : *** glibc detected *** xarchiver: free(): invalid next size (fast): 0x08f1b1a8 *** === Backtrace: = [...] zsh: abort xarchiver foo.7z ---End Message--- ---BeginMessage--- Source: xarchiver Source-Version: 1:0.5.2+20090319+dfsg-4.1 We believe that the bug you reported is fixed in the latest version of xarchiver, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 665...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany a...@gambaru.de (supplier of updated xarchiver package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Tue, 04 Dec 2012 06:43:48 + Source: xarchiver Binary: xarchiver Architecture: source amd64 Version: 1:0.5.2+20090319+dfsg-4.1 Distribution: unstable Urgency: low Maintainer: Christian Hübschi huebschi.christ...@gmail.com Changed-By: Markus Koschany a...@gambaru.de Description: xarchiver - GTK+ frontend for most used compression formats Closes: 656301 665642 692261 Changes: xarchiver (1:0.5.2+20090319+dfsg-4.1) unstable; urgency=low . * Non-maintainer upload. * Add patch 04-fix-7z-crash.patch and restore the ability to open and view 7z archives again. (Closes: #665642) * Remove discouraged MIME type multipart/x-zip from desktop file. (Closes: #656301) * Don't mention xarchive in the package description because it isn't available in Debian. (Closes: #692261) Checksums-Sha1: c676c23c64024ef7b304512cb5c7125cba4b3267 1225 xarchiver_0.5.2+20090319+dfsg-4.1.dsc 9b08e2996ddd49b75626fb6ff84f1e2dbb304899 7306 xarchiver_0.5.2+20090319+dfsg-4.1.diff.gz aac6b82ed04cd87a09d177cb927bdb3bc084d7bc 522872 xarchiver_0.5.2+20090319+dfsg-4.1_amd64.deb Checksums-Sha256: ecea00d846d90d5c27b6a94b66b51c1270d02d21821009d58e0c537cd869284a 1225 xarchiver_0.5.2+20090319+dfsg-4.1.dsc 9acd88f9b2cf3b9a71032df21556c9900c3c6cd333b3975163847c184ae97e0b 7306 xarchiver_0.5.2+20090319+dfsg-4.1.diff.gz b389f385dde2329948f36ef9536810d7ad2d6f319d3fb0dcd97ba7e64d42b6e6 522872 xarchiver_0.5.2+20090319+dfsg-4.1_amd64.deb Files: 7cced1953162dbca8da840043e649b01 1225 x11 optional xarchiver_0.5.2+20090319+dfsg-4.1.dsc 885497029b1025565e62d33d0497a6e7 7306 x11 optional xarchiver_0.5.2+20090319+dfsg-4.1.diff.gz 69bc1670e981bb86ca1629dd602dd5d8 522872 x11 optional xarchiver_0.5.2+20090319+dfsg-4.1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlC/N8IACgkQoRg/jtECjI3jbQCeJGw8x6oSIu3vzfd6iF4Miac+ el0An21VcFU4SX76vKRdtD7OeucH4unE =iSkB -END PGP SIGNATUREEnd Message---
Bug#665642: marked as done ([xarchiver] crashes when opening 7z archives)
Your message dated Thu, 06 Dec 2012 12:12:25 + with message-id e1tgajv-0008ac...@franck.debian.org and subject line Bug#665642: fixed in xarchiver 1:0.5.2+20090319+dfsg-4.1 has caused the Debian Bug report #665642, regarding [xarchiver] crashes when opening 7z archives to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 665642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665642 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: xarchiver Version: 1:0.5.2+20090319+dfsg-4 Severity: important --- Please enter the report below this line. --- When opening 7z archive (attached), xarchiver crashes: $ xarchiver archiv.7z ... ... ... b6d2a000-b6d2d000 rw-p 00:00 0 b6d2d000-b6e27000 r-xp fe:00 151968 /lib/i386-linux-gnu/libglib-2.0.so.0.3000.2 b6e27000-b6e28000 rw-p 000f9000 fe:00 151968 /lib/i386-linux-gnu/libglib-2.0.so.0.3000.2 b6e28000-b6e2b000 r-xp fe:00 131732 /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.3000.2 b6e2b000-b6e2c000 rw-p 2000 fe:00 131732 /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.3000.2 b6e2c000-b6e7c000 r-xp fe:00 131523 /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3000.2 b6e7c000-b6e7d000 rw-p 0004f000 fe:00 131523 /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.3000.2 b6e7d000-b6e7f000 rw-p 00:00 0 b6e7f000-b6eb2000 r-xp fe:00 134635 /usr/lib/i386-linux-gnu/libfontconfig.so.1.4.4Aborted --- System information. --- Architecture: i386 Kernel: Linux 3.2.0-2-686-pae Debian Release: wheezy/sid 500 testing ftp.at.debian.org --- Package information. --- Depends (Version) | Installed ==-+- libatk1.0-0(= 1.20.0) | 2.2.0-2 libc6 (= 2.3) | 2.13-27 libcairo2 (= 1.2.4) | 1.10.2-7 libfontconfig1 (= 2.4.0) | 2.8.0-3.1 libfreetype6(= 2.2.1) | 2.4.8-1 libglib2.0-0 (= 2.16.0) | 2.30.2-6 libgtk2.0-0(= 2.10.0) | 2.24.10-1 libpango1.0-0 (= 1.14.0) | 1.29.4-3 Recommends (Version) | Installed =-+-=== xdg-utils | 1.1.0~rc1+git20111210-6 arj | bzip2 | 1.0.6-1 rpm | 4.9.1.2-1 p7zip-full| 9.20.1~dfsg.1-4 unzip | 6.0-5 zip | 3.0-4 Suggests (Version) | Installed ===-+-=== lha | rar | archiv.7z Description: application/7z-compressed signature.asc Description: PGP signature ---End Message--- ---BeginMessage--- Source: xarchiver Source-Version: 1:0.5.2+20090319+dfsg-4.1 We believe that the bug you reported is fixed in the latest version of xarchiver, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 665...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany a...@gambaru.de (supplier of updated xarchiver package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Tue, 04 Dec 2012 06:43:48 + Source: xarchiver Binary: xarchiver Architecture: source amd64 Version: 1:0.5.2+20090319+dfsg-4.1 Distribution: unstable Urgency: low Maintainer: Christian Hübschi huebschi.christ...@gmail.com Changed-By: Markus Koschany a...@gambaru.de Description: xarchiver - GTK+ frontend for most used compression formats Closes: 656301 665642 692261 Changes: xarchiver (1:0.5.2+20090319+dfsg-4.1) unstable; urgency=low . * Non-maintainer upload. * Add patch 04-fix-7z-crash.patch and restore the ability to open and view 7z archives again. (Closes: #665642) * Remove discouraged MIME type multipart/x-zip from desktop file. (Closes: #656301) * Don't mention xarchive in the package description because it isn't available in Debian. (Closes: #692261) Checksums-Sha1: c676c23c64024ef7b304512cb5c7125cba4b3267 1225 xarchiver_0.5.2+20090319+dfsg-4.1.dsc 9b08e2996ddd49b75626fb6ff84f1e2dbb304899 7306 xarchiver_0.5.2+20090319+dfsg-4.1.diff.gz aac6b82ed04cd87a09d177cb927bdb3bc084d7bc 522872 xarchiver_0.5.2+20090319+dfsg-4.1_amd64.deb
Bug#677650: marked as done (unhide.rb: in `module:LibC': uninitialized constant DL::Importable (NameError))
Your message dated Thu, 06 Dec 2012 12:12:15 + with message-id e1tgajl-00084l...@franck.debian.org and subject line Bug#677650: fixed in unhide.rb 13-1.1 has caused the Debian Bug report #677650, regarding unhide.rb: in `module:LibC': uninitialized constant DL::Importable (NameError) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 677650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677650 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: unhide.rb Version: 13-1 Severity: important Tags: d-i Dear Maintainer, Unhide.rb used in rkhunter generate the next error in rkhunter.log: [18:15:27] Info: Starting test name 'hidden_procs' [18:15:27] Info: Unable to find the 'unhide' command [18:15:27] Info: Found the 'unhide.rb' command: /usr/bin/unhide.rb [18:15:27] Using command 'unhide.rb' [ Warning ] [18:15:27] Checking for hidden processes [ Warning ] [18:15:28] Warning: The 'unhide.rb' command gave an error: [18:15:28] /usr/bin/unhide.rb:130: warning: assigned but unused variable - exe [18:15:28] /usr/bin/unhide.rb:32:in `module:LibC': uninitialized constant DL::Importable (NameError) [18:15:28] from /usr/bin/unhide.rb:31:in `main' starting unhide.rb as root in a terminal emulator generates the same error: /usr/bin/unhide.rb:130: warning: assigned but unused variable - exe /usr/bin/unhide.rb:32:in `module:LibC': uninitialized constant DL::Importable (NameError) from /usr/bin/unhide.rb:31:in `main' It looks like unhide.rb dies in an error. Regards, Huck -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages unhide.rb depends on: ii ruby4.9 ii ruby1.8 [ruby] 1.8.7.358-4 unhide.rb recommends no packages. Versions of packages unhide.rb suggests: ii rkhunter 1.4.0-1 -- no debconf information ---End Message--- ---BeginMessage--- Source: unhide.rb Source-Version: 13-1.1 We believe that the bug you reported is fixed in the latest version of unhide.rb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 677...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Cédric Boutillier bou...@debian.org (supplier of updated unhide.rb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 04 Dec 2012 12:58:03 +0100 Source: unhide.rb Binary: unhide.rb Architecture: source all Version: 13-1.1 Distribution: unstable Urgency: high Maintainer: Debian Forensics forensics-de...@lists.alioth.debian.org Changed-By: Cédric Boutillier bou...@debian.org Description: unhide.rb - Forensic tool to find processes hidden by rootkits Closes: 677650 Changes: unhide.rb (13-1.1) unstable; urgency=high . * Non-maintainer upload. * Set urgency to high, as a RC bug is fixed. * Use Ruby 1.8 instead of default Ruby 1.9 version. (Closes: #677650) + add debian/patches/use_ruby18.patch, changing the shebang of unhide.rb to /usr/bin/ruby1.8 as it contains code not compatible with Ruby 1.9, + Depends on ruby1.8 instead of ruby. Checksums-Sha1: 5880b1f6650c80f400f671220cdfb240b634ff80 1885 unhide.rb_13-1.1.dsc 9284e5106ec2edc478cec51755ff769ebd64cb4d 2520 unhide.rb_13-1.1.debian.tar.gz c24ebe4a663c698c81962a9c2b6885f217c4a40a 6506 unhide.rb_13-1.1_all.deb Checksums-Sha256: 3062fa7db911c0082e4d03c8dab00e1e629ccf1e5a8423909bbe7117244d95c6 1885 unhide.rb_13-1.1.dsc 36dbcfe6d4f8d75c398adff386ae8c2bfac0de81af58aefc2d941676c388ec93 2520 unhide.rb_13-1.1.debian.tar.gz 3be79b247d6e1fa8aea8f2e64759c68643b99723a911b797845941561a364423 6506 unhide.rb_13-1.1_all.deb Files: f5cbacafb7b787f9cc45b86731595c62 1885 admin extra unhide.rb_13-1.1.dsc 54e0711142a4237d59b12e0e5683833a 2520 admin extra unhide.rb_13-1.1.debian.tar.gz ee29831d64b83f9596d2c1f59eb97a4d 6506 admin extra unhide.rb_13-1.1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux)
Bug#685712: marked as done (xarchiver: don't show correct file list with 7zip archive)
Your message dated Thu, 06 Dec 2012 12:12:25 + with message-id e1tgajv-0008ac...@franck.debian.org and subject line Bug#665642: fixed in xarchiver 1:0.5.2+20090319+dfsg-4.1 has caused the Debian Bug report #665642, regarding xarchiver: don't show correct file list with 7zip archive to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 665642: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665642 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: xarchiver Version: 1:0.5.2+20090319+dfsg-4 Severity: normal Dear Maintainer, When listing content of a 7zip file with 7z l myfile.7z no problem this is the same output as in xarchiver with the menu item (in french ...) action / sortie de la ligne de commande the list provided by xarchiver seems to be part of the third and fifth line... I guess it's propably a bad parse of the output. and consequently no way by xarchier to extract the files... thank for your support. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages xarchiver depends on: ii libatk1.0-0 2.4.0-2 ii libc6 2.13-35 ii libcairo2 1.12.2-2 ii libfontconfig1 2.9.0-7 ii libfreetype62.4.9-1 ii libglib2.0-02.32.3-1 ii libgtk2.0-0 2.24.10-2 ii libpango1.0-0 1.30.0-1 Versions of packages xarchiver recommends: ii arj 3.10.22-10 ii bzip2 1.0.6-4 ii p7zip-full 9.20.1~dfsg.1-4 ii rpm 4.10.0-5 ii unzip 6.0-7 ii xdg-utils 1.1.0~rc1+git20111210-6 ii zip 3.0-6 Versions of packages xarchiver suggests: pn lha none pn rar none -- no debconf information ---End Message--- ---BeginMessage--- Source: xarchiver Source-Version: 1:0.5.2+20090319+dfsg-4.1 We believe that the bug you reported is fixed in the latest version of xarchiver, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 665...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany a...@gambaru.de (supplier of updated xarchiver package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Tue, 04 Dec 2012 06:43:48 + Source: xarchiver Binary: xarchiver Architecture: source amd64 Version: 1:0.5.2+20090319+dfsg-4.1 Distribution: unstable Urgency: low Maintainer: Christian Hübschi huebschi.christ...@gmail.com Changed-By: Markus Koschany a...@gambaru.de Description: xarchiver - GTK+ frontend for most used compression formats Closes: 656301 665642 692261 Changes: xarchiver (1:0.5.2+20090319+dfsg-4.1) unstable; urgency=low . * Non-maintainer upload. * Add patch 04-fix-7z-crash.patch and restore the ability to open and view 7z archives again. (Closes: #665642) * Remove discouraged MIME type multipart/x-zip from desktop file. (Closes: #656301) * Don't mention xarchive in the package description because it isn't available in Debian. (Closes: #692261) Checksums-Sha1: c676c23c64024ef7b304512cb5c7125cba4b3267 1225 xarchiver_0.5.2+20090319+dfsg-4.1.dsc 9b08e2996ddd49b75626fb6ff84f1e2dbb304899 7306 xarchiver_0.5.2+20090319+dfsg-4.1.diff.gz aac6b82ed04cd87a09d177cb927bdb3bc084d7bc 522872 xarchiver_0.5.2+20090319+dfsg-4.1_amd64.deb Checksums-Sha256: ecea00d846d90d5c27b6a94b66b51c1270d02d21821009d58e0c537cd869284a 1225 xarchiver_0.5.2+20090319+dfsg-4.1.dsc 9acd88f9b2cf3b9a71032df21556c9900c3c6cd333b3975163847c184ae97e0b 7306 xarchiver_0.5.2+20090319+dfsg-4.1.diff.gz b389f385dde2329948f36ef9536810d7ad2d6f319d3fb0dcd97ba7e64d42b6e6 522872 xarchiver_0.5.2+20090319+dfsg-4.1_amd64.deb Files: 7cced1953162dbca8da840043e649b01 1225 x11 optional xarchiver_0.5.2+20090319+dfsg-4.1.dsc 885497029b1025565e62d33d0497a6e7 7306 x11 optional xarchiver_0.5.2+20090319+dfsg-4.1.diff.gz 69bc1670e981bb86ca1629dd602dd5d8 522872 x11 optional xarchiver_0.5.2+20090319+dfsg-4.1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux)
Bug#687848: marked as done (extlinux-update: fails to correctly update changed syslinux debian themes)
Your message dated Thu, 06 Dec 2012 12:12:04 + with message-id e1tgaja-0007uh...@franck.debian.org and subject line Bug#687848: fixed in syslinux 2:4.06+dfsg-3 has caused the Debian Bug report #687848, regarding extlinux-update: fails to correctly update changed syslinux debian themes to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 687848: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687848 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: extlinux Version: 2:4.05+dfsg-6 Severity: grave Tags: patch Justification: leaves system in unbootable state if updating in wheezy Hi, when preparing a patch for #681426 I noticed that after updating the debian wheezy extlinux theme (by installing an updated version of syslinux-themes-debian-wheezy) running extlinux-update does not update the theme in /boot/extlinux/themes/debian-wheezy but instead copies the new theme to /boot/extlinux/themes/debian-wheezy/extlinux . Therefore, the old theme is then used. This means that systems which had the broken theme (as described in #681426) installed and upgrade to a newer theme and run extlinux-update still won't boot. The problem can be fixed by removing the old theme before copying the new one: diff -Nru syslinux-4.05+dfsg/debian/local/extlinux-update syslinux-4.05+dfsg/debian/local/extlinux-update --- syslinux-4.05+dfsg/debian/local/extlinux-update 2012-06-30 14:00:10.0 +0200 +++ syslinux-4.05+dfsg/debian/local/extlinux-update 2012-09-16 17:07:40.0 +0200 @@ -403,9 +403,11 @@ if [ -n ${EXTLINUX_THEME_ORIG} ] then + rm -rf ${_EXTLINUX_DIRECTORY}/themes/${EXTLINUX_THEME_ORIG} cp -aL /usr/share/syslinux/themes/${EXTLINUX_THEME_ORIG}/extlinux ${_EXTLINUX_DIRECTORY}/themes/${EXTLINUX_THEME_ORIG} ln -sf ${EXTLINUX_THEME_ORIG} ${_EXTLINUX_DIRECTORY}/themes/${EXTLINUX_THEME} else + rm -rf ${_EXTLINUX_DIRECTORY}/themes/${EXTLINUX_THEME} cp -aL /usr/share/syslinux/themes/${EXTLINUX_THEME}/extlinux ${_EXTLINUX_DIRECTORY}/themes/${EXTLINUX_THEME} fi Cheers, Mika ---End Message--- ---BeginMessage--- Source: syslinux Source-Version: 2:4.06+dfsg-3 We believe that the bug you reported is fixed in the latest version of syslinux, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 687...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Baumann daniel.baum...@progress-technologies.net (supplier of updated syslinux package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 05 Dec 2012 12:40:43 +0100 Source: syslinux Binary: syslinux syslinux-udeb extlinux syslinux-common Architecture: source i386 all Version: 2:4.06+dfsg-3 Distribution: unstable Urgency: low Maintainer: Daniel Baumann daniel.baum...@progress-technologies.net Changed-By: Daniel Baumann daniel.baum...@progress-technologies.net Description: extlinux - collection of boot loaders (ext2/3/4 and btrfs bootloader) syslinux - collection of boot loaders syslinux-common - collection of boot loaders (common files) syslinux-udeb - collection of boot loaders (udeb) Closes: 687848 691644 692844 Changes: syslinux (2:4.06+dfsg-3) unstable; urgency=low . * Allowing to overwrite symlinks in extlinux-update, thanks to Ivo De Decker ivo.dedec...@ugent.be (Closes: #687848). * Adding patch to update list of supported filesystems in extlinux manpage (Closes: #692844). * Adding missing support for menu default handling (Closes: #691644). * Updating date and version headers in local manpages. Checksums-Sha1: 12e98fcfd8b25d49267fd8b93f6e55c4bf957e9b 1419 syslinux_4.06+dfsg-3.dsc 9f00dd057025dea11600c53af3250f3d6d4531be 30948 syslinux_4.06+dfsg-3.debian.tar.xz b21016cf9fd6f0f0fbb45bf6962bcb836e3658c2 101616 syslinux_4.06+dfsg-3_i386.deb b7e1522848a51f6fbb435f43a09d382e2f65202e 49194 syslinux-udeb_4.06+dfsg-3_i386.udeb 34d1f72ed0ae745a1e8c46228496e20c7a01fee8 129658 extlinux_4.06+dfsg-3_i386.deb
Bug#687396: [buildd-tools-devel] Bug#687396: Bug#687396: Bug#687396: sbuild: building pyca fails silently
On Wed, Dec 05, 2012 at 02:25:45PM +, Roger Leigh wrote: On Wed, Dec 05, 2012 at 03:17:11PM +0100, Roland Stigge wrote: On 12/05/2012 03:11 PM, Roland Stigge wrote: But don't worry - it's just a minor change and at least fixes the issue for the protocol. ;-) So others won't be disturbed by it during bug squashing. So please consider sbuild 0.63.2-1.1 for wheezy (freeze exemption). (Maybe Roger will override the package which is now in the DELAYED queue.) I'd certainly want some careful testing first. Are there any corner cases where this breaks anything? I'll review it later in the week as I said earlier. And do note that this does not match the behaviour on the buildds, so while it will fix things for local builds, it won't work on the buildds until the patch is committed into git and merged onto the buildd branch and then deployed. I just saw this uploaded; I thought you said this was in DELAYED/5 yesterday? Even small changes can do with some level of review and testing, which I said yesterday I would do this week. I don't think this warranted such a high severity, nor NMUing it as I was replying to your mail yesterday. Thanks, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linuxhttp://people.debian.org/~rleigh/ `. `' schroot and sbuild http://alioth.debian.org/projects/buildd-tools `-GPG Public Key F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695268: liblockfile1: harmful remove action in M-A:same package
Package: liblockfile1 Version: 1.09-4 Severity: serious Steps taken: Install liblockfile1:amd64. Observe that it ships /usr/share/doc/liblockfile1. Install liblockfile1:i386. Observe that /usr/share/doc/liblockfile1 is still correctly there. Remove liblockfile1:i386, but not liblockfile1:amd64. Now The doc dir is gone. This is due to the postinst shipped by liblockfile1. I do not understand why liblockfile1 removes /usr/share/doc/liblockfile1 during postrm remove as I would expect it to be removed by dpkg if necessary. Helmut -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#687396: [buildd-tools-devel] Bug#687396: Bug#687396: Bug#687396: sbuild: building pyca fails silently
Hi Roger, On 12/06/2012 01:15 PM, Roger Leigh wrote: On Wed, Dec 05, 2012 at 02:25:45PM +, Roger Leigh wrote: On Wed, Dec 05, 2012 at 03:17:11PM +0100, Roland Stigge wrote: On 12/05/2012 03:11 PM, Roland Stigge wrote: But don't worry - it's just a minor change and at least fixes the issue for the protocol. ;-) So others won't be disturbed by it during bug squashing. So please consider sbuild 0.63.2-1.1 for wheezy (freeze exemption). (Maybe Roger will override the package which is now in the DELAYED queue.) I'd certainly want some careful testing first. Are there any corner cases where this breaks anything? I'll review it later in the week as I said earlier. And do note that this does not match the behaviour on the buildds, so while it will fix things for local builds, it won't work on the buildds until the patch is committed into git and merged onto the buildd branch and then deployed. I just saw this uploaded; I thought you said this was in DELAYED/5 yesterday? Right, should still be in the DELAYED/x queue. Even small changes can do with some level of review and testing, which I said yesterday I would do this week. I don't think this warranted such a high severity, nor NMUing it as I was replying to your mail yesterday. And I already apologized about missing your mail while I just uploaded the NMU. (Consider that the bug was marked as RC since September without anyone else caring.) And I tested the change, for sure. E.g. built nearly the complete archive with it on powerpcspe. Still considering the fix appropriate and didn't hear about technical reasons against it. Feel free to solve the issue differently on a subsequent upload, no matter if before 0.63.2-1.1 hits unstable or not. So can we please concentrate on actually solving issues instead of discussing severities of already fixed bugs? Thanks and peace, Roland -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694272: NMU to DELAYED/3 [Was: guile-g-wrap: missing Breaks+Replaces: g-wrap ( 1.9.14)]
Hi, I just NMUed the package with the suggested patch to DELAYED/3. I'll file an unblock request once the package might have hit unstable. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784
Hi All, I've prepared the patch with the problem pointed by David fixed (thanks David). It also fixes a bug related to wildcard certificates. The first patch is backported from httpclient 4.0 and apache synapse. This second patch backports some fixes from httpclient 4.2 The patch differ a lot from 4.x line for two reasons: first, the code arquitecture changes, second , I want to mantain the 3.1 api unchanged, so all methods are private and only apply to one class. The patch for axis and commons-httpclient is the same. In the function they create a SSLSocket, I've put the same routine to validate the hostname against certificate valid names. I'll upload the new patches in their place. Please review them and when ready I can upload a new package to mentors. Thanks -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692650: patch for axis CVE-2012-5784 (full patch)
Description: Fixed CN extraction from DN of X500 principal and wildcard validation axis (1.4-16.2) unstable; urgency=low * Fixed CN extraction from DN of X500 principal and wildcard validation Author: Alberto Fernández MartÃnez inf...@gmail.com Origin: other Bug-Debian: http://bugs.debian.org/692650 Forwarded: https://issues.apache.org/jira/browse/AXIS-2883 Last-Update: 2012-12-06 --- axis-1.4.orig/src/org/apache/axis/components/net/JSSESocketFactory.java +++ axis-1.4/src/org/apache/axis/components/net/JSSESocketFactory.java @@ -15,12 +15,6 @@ */ package org.apache.axis.components.net; -import org.apache.axis.utils.Messages; -import org.apache.axis.utils.XMLUtils; -import org.apache.axis.utils.StringUtils; - -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; import java.io.BufferedWriter; import java.io.IOException; import java.io.InputStream; @@ -28,7 +22,27 @@ import java.io.OutputStream; import java.io.OutputStreamWriter; import java.io.PrintWriter; import java.net.Socket; +import java.security.cert.Certificate; +import java.security.cert.CertificateParsingException; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collection; import java.util.Hashtable; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Locale; +import java.util.StringTokenizer; +import java.util.regex.Pattern; + +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; + +import org.apache.axis.utils.Messages; +import org.apache.axis.utils.StringUtils; +import org.apache.axis.utils.XMLUtils; /** @@ -41,6 +55,10 @@ import java.util.Hashtable; */ public class JSSESocketFactory extends DefaultSocketFactory implements SecureSocketFactory { +// This is a a sorted list, if you insert new elements do it orderdered. +private final static String[] BAD_COUNTRY_2LDS = +{ac, co, com, ed, edu, go, gouv, gov, info, +lg, ne, net, or, org}; /** Field sslFactory */ protected SSLSocketFactory sslFactory = null; @@ -187,6 +205,260 @@ public class JSSESocketFactory extends D if (log.isDebugEnabled()) { log.debug(Messages.getMessage(createdSSL00)); } +verifyHostName(host, (SSLSocket) sslSocket); return sslSocket; } +/** + * Verifies that the given hostname in certicifate is the hostname we are trying to connect to + * http://www.cvedetails.com/cve/CVE-2012-5783/ + * @param host + * @param ssl + * @throws IOException + */ + + private static void verifyHostName(String host, SSLSocket ssl) + throws IOException { + if (host == null) { + throw new IllegalArgumentException(host to verify was null); + } + + SSLSession session = ssl.getSession(); + if (session == null) { +// In our experience this only happens under IBM 1.4.x when +// spurious (unrelated) certificates show up in the server's chain. +// Hopefully this will unearth the real problem: + InputStream in = ssl.getInputStream(); + in.available(); +/* + If you're looking at the 2 lines of code above because you're + running into a problem, you probably have two options: + +#1. Clean up the certificate chain that your server + is presenting (e.g. edit /etc/apache2/server.crt or + wherever it is your server's certificate chain is + defined). + + OR + +#2. Upgrade to an IBM 1.5.x or greater JVM, or switch to a + non-IBM JVM. + */ + +// If ssl.getInputStream().available() didn't cause an exception, +// maybe at least now the session is available? + session = ssl.getSession(); + if (session == null) { +// If it's still null, probably a startHandshake() will +// unearth the real problem. +ssl.startHandshake(); + +// Okay, if we still haven't managed to cause an exception, +// might as well go for the NPE. Or maybe we're okay now? +session = ssl.getSession(); + } + } + + Certificate[] certs = session.getPeerCertificates(); + verifyHostName(host.trim().toLowerCase(Locale.US), (X509Certificate) certs[0]); + } + /** + * Extract the names from the certificate and tests host matches one of them + * @param host + * @param cert + * @throws SSLException + */ + + private static void verifyHostName(final String host, X509Certificate cert) + throws SSLException { +// I'm okay with being case-insensitive when comparing the host we used +// to establish the socket to the hostname in the certificate. +// Don't trim the CN, though. + +
Bug#694275: NMUed to DELAYED/3 [Was: gri-pdf-doc: missing Breaks+Replaces: gri ( 2.12.23-2)]
Hi, I uploaded the suggested patch to DELAYED/3. I will file an unblock request once the package might have hit unstable. Remark: Peter, I usually commit changes to some packaging VCS if the package is maintained in a DD-accessible VCS. It seems that this is not the case for the gri package even if it might profit from some cooperative maintenance for instance in Debian Science team. I'd recommend reading https://wiki.debian.org/DebianScience/ContributingToDebianScience and commiting gri to either Git or SVN of Debian Science. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784
Hi Alberto, thanks for your continuous work on this. As I said in my previous mail please remember to reopen the according bugs to make sure the previous solution will not migrate to testing. I'll volunteer to sponsor your new version if you confirm that this is needed to finally fix the issue. Kind regards Andreas. On Thu, Dec 06, 2012 at 01:49:07PM +0100, Alberto Fernández wrote: Hi All, I've prepared the patch with the problem pointed by David fixed (thanks David). It also fixes a bug related to wildcard certificates. The first patch is backported from httpclient 4.0 and apache synapse. This second patch backports some fixes from httpclient 4.2 The patch differ a lot from 4.x line for two reasons: first, the code arquitecture changes, second , I want to mantain the 3.1 api unchanged, so all methods are private and only apply to one class. The patch for axis and commons-httpclient is the same. In the function they create a SSLSocket, I've put the same routine to validate the hostname against certificate valid names. I'll upload the new patches in their place. Please review them and when ready I can upload a new package to mentors. Thanks -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695272: libphone-utils0: harmful postrm purge action in M-A:same package
Package: libphone-utils0 Version: 0.1+git20110523-1.2 Severity: serious It is technically possible to install libphone-utils0:amd64 and libphone-utils0:i386 in parallel. If I then purge libphone-utils0:i386, /etc/phone-utils.conf will disappear even though it is still needed by libphone-utils:amd64. This is due to the postrm script not taking multiple installations of the same package into account. Helmut -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694295: Anybody up for caring about #694295
Hi, when debchecking out speech-dispatcher Vcs-Git I noticed there is some work going on done by people who are usually known to do a reasonable job. Before I fiddle around with this package to apply the quite simple patch for the bug I would like to ping those people mentioned in the latest changelog entries about the status of the package. I could do an NMU und I usually also try to commit my changes to Vcs but in this case I'm afraid that I as a Git beginner might mix up things (if ACL permissions are properly set at all to enable me commiting). Please let me know whether you consider it helpfull if I would do a NMU. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694368: libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep ( 2.6)
Hi Salvatore, the fix was just uploaded. Do we need a release excpetion for this to be accepeted ? -- Christophe Monniez christophe.monn...@fccu.be -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Reopen bugs axis: CVE-2012-5784 and commons-http-client:CVE-2012-5783
Processing commands for cont...@bugs.debian.org: reopen 692650 Bug #692650 {Done: Alberto Fernández Martínez inf...@gmail.com} [axis] axis: CVE-2012-5784 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to re-add them. Bug reopened No longer marked as fixed in versions axis/1.4-16.1. reopen 692442 Bug #692442 {Done: Alberto Fernández Martínez inf...@gmail.com} [commons-httpclient] CVE-2012-5783: Insecure certificate validation 'reopen' may be inappropriate when a bug has been closed with a version; all fixed versions will be cleared, and you may need to re-add them. Bug reopened No longer marked as fixed in versions commons-httpclient/3.1-10.1. block 692650 by 692442 Bug #692650 [axis] axis: CVE-2012-5784 692650 was not blocked by any bugs. 692650 was not blocking any bugs. Added blocking bug(s) of 692650: 692442 thanks Stopping processing here. Please contact me if you need assistance. -- 692442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692442 692650: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692650 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695274: libparse-debian-packages-perl: Problem parsing stanzas with more than 1 multiline entry
Package: libparse-debian-packages-perl Version: 0.03-1 Severity: grave Tags: upstream Justification: causes non-serious data loss Using libparse-debain-packages-perl, the following problem arises when parsing stanzas with more than 1 multiline entry: If a multiline entry is found, all lines of this entry are added to the result map under the key body. If a different multiline entry is processed later on, all multiline entries are added to the same map entry body, effectively mixing up content from different multiline fields. To demonstrate this, i used the attached source test_packages.pl, together with the file unzipped file Packages from ftp://ftp.tugraz.at/mirror/debian/dists/sid/main /binary-amd64/Packages.gz. The relevant part of the Packages file looks like this: Package: browser-plugin-vlc Source: npapi-vlc Version: 2.0.0-2 Installed-Size: 201 Maintainer: Debian Multimedia Maintainers pkg-multimedia- maintain...@lists.alioth.debian.org Architecture: amd64 Replaces: mozilla-plugin-vlc ( 2.0.0) Depends: vlc, libatk1.0-0 (= 1.12.4), libc6 (= 2.3.4), libcairo2 (= 1.2.4), libfontconfig1 (= 2.9.0), libfreetype6 (= 2.2.1), libgcc1 (= 1:4.1.1), libgdk-pixbuf2.0-0 (= 2.22.0), libglib2.0-0 (= 2.12.0), libgtk2.0-0 (= 2.24.0), libice6 (= 1:1.0.0), libpango1.0-0 (= 1.14.0), libsm6, libstdc++6 (= 4.1.1), libvlc5 (= 1.1.0), libx11-6 Breaks: mozilla-plugin-vlc ( 2.0.0) Description: multimedia plugin for web browsers based on VLC Homepage: http://www.videolan.org/vlc/ Description-md5: 1dfbd075b62a574a99794b2eb520c80e Npp-Applications: 92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a, ec8030f7-c20a-464f-9b0e-13a3a9e97384 Npp-Description: play video and audio in Firefox using the VLC Multimedia Player Npp-File: libvlcplugin.so Npp-Mimetype: application/mpeg4-iod, application/mpeg4-muxcodetable, application/ogg, application/x-google-vlc-plugin, application/x-mplayer2, application/x-ogg, application/x-vlc-plugin, audio/3gpp, audio/3gpp2, audio/mpeg, audio/mpeg4, audio/wav, audio/x-mpeg, audio/x-wav, video/3gpp, video/3gpp2, video/mpeg, video/mpeg-system, video/mpeg4, video/quicktime, video/x-mpeg, video/x-mpeg-system, video/x-ms-asf, video/x-ms-asf-plugin, video/x-ms-wmv, video/x-msvideo Npp-Name: VLC Multimedia Plugin Tag: uitoolkit::gtk Section: video Priority: optional Filename: pool/main/n/npapi-vlc/browser-plugin-vlc_2.0.0-2_amd64.deb Size: 51758 MD5sum: 1714be2acb3cd2d7c1a53f5d86704c34 SHA1: aa57cb8dbb6d7291862968bf27e94ad8652f1fa2 SHA256: 1ca5784dedc8735f652bc47d50afc4b19d7577fd68b321cf063244bb408f8209 The output using libparse-debian-packages-perl yields the following output: --- Architecture: amd64 Breaks: mozilla-plugin-vlc ( 2.0.0) Depends: 'vlc, libatk1.0-0 (= 1.12.4), libc6 (= 2.3.4), libcairo2 (= 1.2.4), libfontconfig1 (= 2.9.0), libfreetype6 (= 2.2.1), libgcc1 (= 1:4.1.1), libgdk-pixbuf2.0-0 (= 2.22.0), libglib2.0-0 (= 2.12.0), libgtk2.0-0 (= 2.24.0), libice6 (= 1:1.0.0), libpango1.0-0 (= 1.14.0), libsm6, libstdc++6 (= 4.1.1), libvlc5 (= 1.1.0), libx11-6' Description: multimedia plugin for web browsers based on VLC Description-md5: 1dfbd075b62a574a99794b2eb520c80e Filename: pool/main/n/npapi-vlc/browser-plugin-vlc_2.0.0-2_amd64.deb Homepage: http://www.videolan.org/vlc/ Installed-Size: 201 MD5sum: 1714be2acb3cd2d7c1a53f5d86704c34 Maintainer: 'Debian Multimedia Maintainers pkg-multimedia- maintain...@lists.alioth.debian.org' Npp-Applications: '92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a,' Npp-Description: play video and audio in Firefox using the VLC Multimedia Player Npp-File: libvlcplugin.so Npp-Mimetype: 'application/mpeg4-iod,' Npp-Name: VLC Multimedia Plugin Package: browser-plugin-vlc Priority: optional Replaces: mozilla-plugin-vlc ( 2.0.0) SHA1: aa57cb8dbb6d7291862968bf27e94ad8652f1fa2 SHA256: 1ca5784dedc8735f652bc47d50afc4b19d7577fd68b321cf063244bb408f8209 Section: video Size: 51758 Source: npapi-vlc Tag: uitoolkit::gtk Version: 2.0.0-2 body: |2 ec8030f7-c20a-464f-9b0e-13a3a9e97384 application/mpeg4-muxcodetable, application/ogg, application/x-google-vlc-plugin, application/x-mplayer2, application/x-ogg, application/x-vlc-plugin, audio/3gpp, audio/3gpp2, audio/mpeg, audio/mpeg4, audio/wav, audio/x-mpeg, audio/x-wav, video/3gpp, video/3gpp2, video/mpeg,
Bug#695275: src:dspam: harmful actions in multiple postrm scripts of M-A:same packages
Package: src:dspam Version: 3.10.2+dfsg-2 Severity: serious Let me give an example of the general issue in libdspam7. All the other issues are of similar nature. It is possible to install libdspam7:amd64 and libdspam7:i386 in parallel. Now a user could purge libdspam7:i386, but still use libdspam7:amd64. The postrm purge script would ensure that the dspam user is now locked. This breaks libdspam7:amd64. Basically every postrm script shipped contains a similar issue. I am not aware of a general solution to the problem. Different packages have come up with different solutions (example: libwrap0). Due to the size of the problem here I suggest to remove the M-A:same headers in a t-p-u upload and defer a real solution until after wheezy. I'd expect said real solution to involve a new package Arch:all package and ship the dspam user. Helmut -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694361: phpunit-story: missing Breaks+Repalces: phpunit ( 3.6.10)
Hi, I did a debcheckout phpunit-story and noticed that the patch for bug #694361 is applied and the new version even tagged - any reason it did not made its way to unstable? Please tell me if I should sponsor some upload. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#677943: waiting for upload approval...
block 677943 by 694790 block 694355 by 694790 block 675377 by 694790 block 676798 by 694790 block 678662 by 694790 block 687495 by 694790 block 687715 by 694790 block 689291 by 694790 block 690711 by 694790 block 691309 by 694790 block 691390 by 694790 block 691327 by 694790 block 691448 by 694790 block 691758 by 694790 block 681803 by 694790 thanks -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694368: libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep ( 2.6)
Hi, I considered NMUing ssdeep to fix this bug. When debcheckout-ing the packaging repository I noticed that there is a changelog entry * Adding the missing Breaks+Replaces (Closes: #694368). for a not yet released version 2.9-1. Could you please confirm that you understood that you can not upload a new version but just need to apply the smallest possible change to the package currently in testing? Please tell me if you have some trouble with uploading / sponsering - I'd volunteer to help fixing this RC bug. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694361: phpunit-story: missing Breaks+Repalces: phpunit ( 3.6.10)
Hi Andreas, On Thu, Dec 06, 2012 at 03:53:06PM +0100, Andreas Tille wrote: Please tell me if I should sponsor some upload. I just upload the package to mentors, it will be great if you could check it and sponsor it, after that i will ask for unblock. http://mentors.debian.net/debian/pool/main/p/phpunit-story/phpunit-story_1.0.0-2.dsc Thank you. -- Luis Uribe http://eviled.org signature.asc Description: Digital signature
Processed: bug 695274 is forwarded to http://rt.cpan.org/Public/Bug/Display.html?id=81744
Processing commands for cont...@bugs.debian.org: forwarded 695274 http://rt.cpan.org/Public/Bug/Display.html?id=81744 Bug #695274 [libparse-debian-packages-perl] libparse-debian-packages-perl: Problem parsing stanzas with more than 1 multiline entry Set Bug forwarded-to-address to 'http://rt.cpan.org/Public/Bug/Display.html?id=81744'. thanks Stopping processing here. Please contact me if you need assistance. -- 695274: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695274 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 695274
Processing commands for cont...@bugs.debian.org: tags 695274 + confirmed Bug #695274 [libparse-debian-packages-perl] libparse-debian-packages-perl: Problem parsing stanzas with more than 1 multiline entry Added tag(s) confirmed. thanks Stopping processing here. Please contact me if you need assistance. -- 695274: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695274 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: waiting for upload approval...
Processing commands for cont...@bugs.debian.org: block 677943 by 694790 Bug #677943 [munin] /etc/apache2/conf.d/munin removed on upgrade 677943 was not blocked by any bugs. 677943 was not blocking any bugs. Added blocking bug(s) of 677943: 694790 block 694355 by 694790 Bug #694355 [munin-doc] munin-doc: missing Breaks+Replaces: munin-common ( 2) 694355 was not blocked by any bugs. 694355 was not blocking any bugs. Added blocking bug(s) of 694355: 694790 block 675377 by 694790 Bug #675377 [munin-node] munin-node: Could not set SSL_CTX options 675377 was not blocked by any bugs. 675377 was not blocking any bugs. Added blocking bug(s) of 675377: 694790 block 676798 by 694790 Bug #676798 [munin-node] munin-node: Munin-node does not allow IPv6 localhost connections Bug #693185 [munin-node] munin-node: Default munin-node.conf fails on localhost due to only allowing 127.0.0.1 676798 was not blocked by any bugs. 676798 was not blocking any bugs. Added blocking bug(s) of 676798: 694790 693185 was not blocked by any bugs. 693185 was not blocking any bugs. Added blocking bug(s) of 693185: 694790 block 678662 by 694790 Bug #678662 [munin] munin-update: Doesn't fall back to v4 when v6 address causes a connect error 678662 was not blocked by any bugs. 678662 was not blocking any bugs. Added blocking bug(s) of 678662: 694790 block 687495 by 694790 Bug #687495 [munin-node] munin: Use of uninitialized value $ENV{MUNIN_PLUGSTATE} in concatenation Bug #687912 [munin-node] munin-node: 'Use of uninitialized value $ENV{MUNIN_PLUGSTATE}' from /etc/cron.d/munin-node 687495 was not blocked by any bugs. 687495 was not blocking any bugs. Added blocking bug(s) of 687495: 694790 687912 was not blocked by any bugs. 687912 was not blocking any bugs. Added blocking bug(s) of 687912: 694790 block 687715 by 694790 Bug #687715 [munin] unowned files after purge (policy 6.8, 10.8) 687715 was not blocked by any bugs. 687715 was not blocking any bugs. Added blocking bug(s) of 687715: 694790 block 689291 by 694790 Bug #689291 [munin] munin-html.log full of uninitialized value in HTMLConfig.pm 689291 was not blocked by any bugs. 689291 was not blocking any bugs. Added blocking bug(s) of 689291: 694790 block 690711 by 694790 Bug #690711 [munin-plugins-core] munin-plugins-core: bashism in /bin/sh script 690711 was not blocked by any bugs. 690711 was not blocking any bugs. Added blocking bug(s) of 690711: 694790 block 691309 by 694790 Bug #691309 [munin-async] /var/lib/munin-async owned by root while munin-asyncd started as user munin-async 691309 was not blocked by any bugs. 691309 was not blocking any bugs. Added blocking bug(s) of 691309: 694790 block 691390 by 694790 Bug #691390 [munin-async] munin-async init script runs before munin-node and dies 691390 was not blocked by any bugs. 691390 was not blocking any bugs. Added blocking bug(s) of 691390: 694790 block 691327 by 694790 Bug #691327 [munin] quilt patches not being applied 691327 was not blocked by any bugs. 691327 was not blocking any bugs. Added blocking bug(s) of 691327: 694790 block 691448 by 694790 Bug #691448 [munin-node] munin-node: Please fix http_loadtime in wheezy (git 9a1cbce) 691448 was not blocked by any bugs. 691448 was not blocking any bugs. Added blocking bug(s) of 691448: 694790 block 691758 by 694790 Bug #691758 [munin-async] munin-async logrotate directory specifies /var/lib/munin/spool when /var/lib/munin-async is used 691758 was not blocked by any bugs. 691758 was not blocking any bugs. Added blocking bug(s) of 691758: 694790 block 681803 by 694790 Bug #681803 [munin-doc] munin-async documentation 681803 was not blocked by any bugs. 681803 was not blocking any bugs. Added blocking bug(s) of 681803: 694790 thanks Stopping processing here. Please contact me if you need assistance. -- 675377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675377 676798: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676798 677943: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677943 678662: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678662 681803: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681803 687495: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687495 687715: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687715 687912: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687912 689291: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689291 690711: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690711 691309: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691309 691327: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691327 691390: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691390 691448: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691448 691758: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=691758 693185: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693185 694355: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694355 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE,
Bug#694361: phpunit-story: missing Breaks+Repalces: phpunit ( 3.6.10)
Hi Luis, On Thu, Dec 06, 2012 at 10:23:26AM -0500, Luis Uribe wrote: Hi Andreas, On Thu, Dec 06, 2012 at 03:53:06PM +0100, Andreas Tille wrote: Please tell me if I should sponsor some upload. I just upload the package to mentors, it will be great if you could check it and sponsor it, after that i will ask for unblock. Please make sure you mention the motivation for the other change * Added a version Depends: php-pear (= 5.4). which does sound perfectly reasonable to me - but formally we have a slightest change as possible policy currently and so giving some reasoning might help the release managers. http://mentors.debian.net/debian/pool/main/p/phpunit-story/phpunit-story_1.0.0-2.dsc Done. Thank you. Thank you for the preparation Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694361: marked as done (phpunit-story: missing Breaks+Repalces: phpunit ( 3.6.10))
Your message dated Thu, 06 Dec 2012 15:47:42 + with message-id e1tgdfq-0001b4...@franck.debian.org and subject line Bug#694361: fixed in phpunit-story 1.0.0-2 has caused the Debian Bug report #694361, regarding phpunit-story: missing Breaks+Repalces: phpunit ( 3.6.10) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694361: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694361 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: phpunit-story Version: 1.0.0-1 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Architecture: amd64 Distribution: squeeze-wheezy (partial) upgrade Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: Selecting previously deselected package phpunit. Unpacking phpunit (from .../phpunit_3.4.14-1_all.deb) ... Setting up phpunit (3.4.14-1) ... Selecting previously deselected package phpunit-story. Unpacking phpunit-story (from .../phpunit-story_1.0.0-1_all.deb) ... dpkg: error processing /var/cache/apt/archives/phpunit-story_1.0.0-1_all.deb (--unpack): trying to overwrite '/usr/share/php/PHPUnit/Extensions/Story/When.php', which is also in package phpunit 3.4.14-1 This is a serious bug as it makes installation/upgrade fail, and violates sections 7.6.1 and 10.1 of the policy. As this problem can be demonstrated during partial upgrades from squeeze to wheezy (but not within squeeze or wheezy itself), this indicates a missing or insufficiently versioned Replaces+Breaks relationship. But since this particular upgrade ordering is not forbidden by any dependency relationship, it is possible that apt (or $PACKAGE_MANAGER) will use this erroneus path on squeeze-wheezy upgrades. Here is a list of files that are known to be shared by both packages (according to the Contents files for squeeze and wheezy on amd64, which may be slightly out of sync): usr/share/php/PHPUnit/Extensions/Story/Given.php usr/share/php/PHPUnit/Extensions/Story/ResultPrinter.php usr/share/php/PHPUnit/Extensions/Story/ResultPrinter/HTML.php usr/share/php/PHPUnit/Extensions/Story/ResultPrinter/Template/scenario.html.dist usr/share/php/PHPUnit/Extensions/Story/ResultPrinter/Template/scenario_header.html.dist usr/share/php/PHPUnit/Extensions/Story/ResultPrinter/Template/scenarios.html.dist usr/share/php/PHPUnit/Extensions/Story/ResultPrinter/Template/step.html.dist usr/share/php/PHPUnit/Extensions/Story/ResultPrinter/Text.php usr/share/php/PHPUnit/Extensions/Story/Scenario.php usr/share/php/PHPUnit/Extensions/Story/Step.php usr/share/php/PHPUnit/Extensions/Story/TestCase.php usr/share/php/PHPUnit/Extensions/Story/Then.php usr/share/php/PHPUnit/Extensions/Story/When.php The following relationships are currently defined: Package: phpunit-story Conflicts: n/a Breaks:n/a Replaces: n/a The following relationships should be added for a clean takeover of these files (http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces): Package: phpunit-story Breaks:phpunit ( 3.6.10) Replaces: phpunit ( 3.6.10) Cheers, Andreas PS: for more information about the detection of file overwrite errors of this kind see http://edos.debian.net/file-overwrites/. phpunit=3.4.14-1_phpunit-story=1.0.0-1.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: phpunit-story Source-Version: 1.0.0-2 We believe that the bug you reported is fixed in the latest version of phpunit-story, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Luis Uribe a...@eviled.org (supplier of updated phpunit-story package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 06 Dec 2012 10:08:11 -0500 Source: phpunit-story Binary: phpunit-story Architecture: source all Version: 1.0.0-2 Distribution: unstable Urgency: low Maintainer: Debian PHP PEAR Maintainers
Bug#692852: dolfin: Avoid hardcoding the swig2.0 version
On Thu, 06 Dec 2012 09:06:06 +0100, Ralf Treinen wrote: But rebuilding it in sid now with the proposed patch would make it uninstallable in wheezy, which still has swig2.0 2.0.7. I guess we should tag this bug 'sid' for the time being? I agree, this bug only applies to sid. Setting the sid tag now. Thanks. IMHO swig 2.0.8 shouldn't have been uploaded to sid during the freeze in the first place. Ack. Now that the damage is done I do not see why the bug in dolfin shouldn't be fixed in sid. I didn't look at the patch yet but if it fills into the binary package a dependency on a sepcific version of swig then the package won't migrate to wheezy anyway. True, but it migh also block an eventual bugfix upload that should reach wheezy later. Anyway, since this bug doesn't affect testing anymore, I'll stop caring until the wheezy release :) Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/ `. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe `- NP: Rod Stewart signature.asc Description: Digital signature
Bug#694295: Anybody up for caring about #694295
On Thu, 06 Dec 2012 14:37:33 +0100, Andreas Tille wrote: when debchecking out speech-dispatcher Vcs-Git I noticed there is some work going on done by people who are usually known to do a reasonable job. Before I fiddle around with this package to apply the quite simple patch for the bug I would like to ping those people mentioned in the latest changelog entries about the status of the package. Sorry, I don't know anything about this package newer than my NMU earlier this year :) I could do an NMU und I usually also try to commit my changes to Vcs but in this case I'm afraid that I as a Git beginner might mix up things (if ACL permissions are properly set at all to enable me commiting). Please let me know whether you consider it helpfull if I would do a NMU. At a quick glance, Andreas' proposed patch looks sane; so IMO an NMU to an appropriate DELAYED queue seems to be a good idea. Cheers, gregor -- .''`. Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06 : :' : Debian GNU/Linux user, admin, and developer - http://www.debian.org/ `. `' Member of VIBE!AT SPI, fellow of the Free Software Foundation Europe `- NP: Rod Stewart signature.asc Description: Digital signature
Bug#694389: mythes-it: missing Breaks+Replaces: openoffice.org-thesaurus-it ( 1:0)
Hi Enrico, I'm currently busy to squash all missing Breaks+Replaces bugs opened by the other Andreas. Just let me know if you need a helping hand to NMU the package. Kind regards Andreas. -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695284: tsung compiled with outdated erlang version
Package: tsung Version: 1.4.2-1 Severity: grave Justification: renders package unusable When I run `tsung -f tsung.xml start` it says: Erlang version has changed ! [5.8.5] != [5.9.1] Must create new boot files (you may have to run this one time as root ! ) creating boot file for tsung application init terminating in do_boot () creating boot file for tsung_controller application init terminating in do_boot () Starting Tsung {init terminating in do_boot,{'cannot load',error_handler,get_files}} init terminating in do_boot () It appears that tsung needs to be recompiled with the 5.9.1 version of erlang that is shipped in unstable. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages tsung depends on: ii erlang-nox 1:15.b.1-dfsg-3 ii gnuplot4.6.0-8 ii libtemplate-perl 2.24-1 ii python 2.7.3-3 ii python-matplotlib 1.1.1~rc2-1 ii python-support 1.0.15 Versions of packages tsung recommends: ii openssh-client 1:6.0p1-3 tsung suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593141: Bug#653582: ruby-hpricot: FTBFS on ia64: ruby crashes while running tests
On Thu, Dec 6, 2012 at 10:22:00 +0100, Michael Stapelberg wrote: On Mon, 16 Jan 2012 21:20:07 +0100 Lucas Nussbaum lu...@debian.org wrote: Dear release team, at some point before the wheezy release, we need to decide what to do with Ruby 1.9.X on ia64. It has been broken for months, and hasn't seen any activity in Debian (#539141) or upstream (http://bugs.ruby-lang.org/issues/5246). I think that removing it (with all its rev-depends) makes more sense than shipping a known-broken Ruby. To recap: ruby1.9.1 on ia64 is broken, neglected and lucas as one of its maintainers agrees to remove it on ia64. Dear release team: How do we move this forward? Should I follow http://wiki.debian.org/ftpmaster_Removals? Start by making a list of affected packages. Then figure out which one would need complete removal and which ones need source changes to disable the ruby parts on ia64. Then run away screaming. Cheers, Julien signature.asc Description: Digital signature
Bug#591969: Bug#695158: Bug#591969: Bug#695158: wheezy-ignore tag for RC bug #591969 in typo3-src
Am 06.12.2012 12:07, schrieb Neil McGovern: So, it looks like this bug isn't going to get fixed :( I'm unsure, if flex-sdk can compile AS1 code, but it can compile AS3 code. So at least the AS3 part can be fixed, whenever flex-sdk enters debian. Hrm. This doesn't quite cover the expected lifetime of Wheezy. All newer versions up to 6.0 have shorter lifetimes. 4.5 and 6.0 have the same end of maintanance period. It's a judgement call, but given the LTS promise from upstream, I'll add a wheezy-ignore tag to this. I'd like to be clear that this will not be repeated for Jessie, but hopefully 6.0 will be in the archive then and this bug can be closed. As i wrote: 6.0 added an even bigger chunk of AS3 code which cannot be compiled without flex-sdk. -- MfG, Christian Welzel GPG-Key: pub 4096R/5117E119 2011-09-19 Fingerprint: 3688 337C 0D3E 3725 94EC E401 8D52 CDE9 5117 E119 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669513: Removal of gnat-4.4 due to RC bug #669513
Hi, since we have gnat-4.6 in wheezy and gnat-4.4 does not build anymore (see #669513), can gnat-4.4 be removed? Best regards, Tobias -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694368: libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep ( 2.6)
Source: ssdeep Source-Version: 2.7-2 Hi Christophe On Thu, Dec 06, 2012 at 03:08:03PM +0100, Christophe Monniez wrote: the fix was just uploaded. Thanks! Do we need a release excpetion for this to be accepeted ? Just fill a bug for pseudopackage release.debian.org for a unblock request. Include the debdiff against the current version in testing. Best is to create the bugreport with reportbug. Does this helps? Regards, Salvatore signature.asc Description: Digital signature
Bug#593141: Bug#653582: ruby-hpricot: FTBFS on ia64: ruby crashes while running tests
Michael Stapelberg dijo [Thu, Dec 06, 2012 at 10:22:00AM +0100]: On Mon, 16 Jan 2012 21:20:07 +0100 Lucas Nussbaum lu...@debian.org wrote: Dear release team, at some point before the wheezy release, we need to decide what to do with Ruby 1.9.X on ia64. It has been broken for months, and hasn't seen any activity in Debian (#539141) or upstream (http://bugs.ruby-lang.org/issues/5246). I think that removing it (with all its rev-depends) makes more sense than shipping a known-broken Ruby. To recap: ruby1.9.1 on ia64 is broken, neglected and lucas as one of its maintainers agrees to remove it on ia64. Dear release team: How do we move this forward? Should I follow http://wiki.debian.org/ftpmaster_Removals? Wow... I have never had access to a IA64 machine. And yes, we are aware of this breakage for a long time. But... How many packages in the archive depend on the default version of Ruby? We can argue that most Ruby packages are likely to be still usable under Ruby 1.8. Sigh... I don't like the idea of dropping Ruby1.9.1 altogether from an architecture, but in this light, I cannot provide any alternatives. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695254: clementine does not start
Control: tags -1 + unreproducible moreinfo On Thu, Dec 06, 2012 at 09:29:04AM +0100, phileom wrote: Dear Maintainer, After d-u clementine isn't usable anymore, and I have a segmentation fault from Konsole. Unable to reproduce. See http://wiki.debian.org/HowToGetABacktrace for some info about reporting crash bugs properly. ii libtag1c2a 1.8-dmo1 Please do not report bugs related to packages from deb-multimedia.org. -- WBR, wRAR signature.asc Description: Digital signature
Processed: Re: Bug#695254: clementine does not start
Processing control commands: tags -1 + unreproducible moreinfo Bug #695254 [clementine] clementine does not start Added tag(s) unreproducible and moreinfo. -- 695254: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695254 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593141: Bug#653582: ruby-hpricot: FTBFS on ia64: ruby crashes while running tests
What is broken about it? Has anyone estimated how much effort it would take to fix? Are we talking needing assembly language bindings or just some dumb SIGBUS error? Patrick Baggett On Thu, Dec 6, 2012 at 11:37 AM, Gunnar Wolf gw...@gwolf.org wrote: Michael Stapelberg dijo [Thu, Dec 06, 2012 at 10:22:00AM +0100]: On Mon, 16 Jan 2012 21:20:07 +0100 Lucas Nussbaum lu...@debian.org wrote: Dear release team, at some point before the wheezy release, we need to decide what to do with Ruby 1.9.X on ia64. It has been broken for months, and hasn't seen any activity in Debian (#539141) or upstream (http://bugs.ruby-lang.org/issues/5246). I think that removing it (with all its rev-depends) makes more sense than shipping a known-broken Ruby. To recap: ruby1.9.1 on ia64 is broken, neglected and lucas as one of its maintainers agrees to remove it on ia64. Dear release team: How do we move this forward? Should I follow http://wiki.debian.org/ftpmaster_Removals? Wow... I have never had access to a IA64 machine. And yes, we are aware of this breakage for a long time. But... How many packages in the archive depend on the default version of Ruby? We can argue that most Ruby packages are likely to be still usable under Ruby 1.8. Sigh... I don't like the idea of dropping Ruby1.9.1 altogether from an architecture, but in this light, I cannot provide any alternatives. -- To UNSUBSCRIBE, email to debian-ia64-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20121206173741.gc28...@gwolf.org
Processed: Re: Bug#695284: tsung compiled with outdated erlang version
Processing control commands: tags -1 + confirmed patch Bug #695284 [tsung] tsung compiled with outdated erlang version Added tag(s) confirmed and patch. -- 695284: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695284 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695284: tsung compiled with outdated erlang version
Control: tags -1 + confirmed patch On Thu, Dec 06, 2012 at 10:53:48AM -0500, Stuart Freeman wrote: When I run `tsung -f tsung.xml start` it says: Erlang version has changed ! [5.8.5] != [5.9.1] Must create new boot files (you may have to run this one time as root ! ) creating boot file for tsung application init terminating in do_boot () creating boot file for tsung_controller application init terminating in do_boot () Starting Tsung {init terminating in do_boot,{'cannot load',error_handler,get_files}} init terminating in do_boot () It appears that tsung needs to be recompiled with the 5.9.1 version of erlang that is shipped in unstable. I've rebuilt tsung in the current sid chroot and it works. So it needs either a binNMU or an upload with proper dependencies on erlang. -- WBR, wRAR signature.asc Description: Digital signature
Processed: ...
Processing commands for cont...@bugs.debian.org: severity 695050 grave Bug #695050 [python-webob] python-webob: webob last stable version 1.1.1 response header bug Severity set to 'grave' from 'important' kthxbye Stopping processing here. Please contact me if you need assistance. -- 695050: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695050 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593141: Bug#653582: ruby-hpricot: FTBFS on ia64: ruby crashes while running tests
On Thu, Dec 06, 2012 at 06:13:31PM +0100, Julien Cristau wrote: On Thu, Dec 6, 2012 at 10:22:00 +0100, Michael Stapelberg wrote: On Mon, 16 Jan 2012 21:20:07 +0100 Lucas Nussbaum lu...@debian.org wrote: Dear release team, at some point before the wheezy release, we need to decide what to do with Ruby 1.9.X on ia64. It has been broken for months, and hasn't seen any activity in Debian (#539141) or upstream (http://bugs.ruby-lang.org/issues/5246). I think that removing it (with all its rev-depends) makes more sense than shipping a known-broken Ruby. To recap: ruby1.9.1 on ia64 is broken, neglected and lucas as one of its maintainers agrees to remove it on ia64. Dear release team: How do we move this forward? Should I follow http://wiki.debian.org/ftpmaster_Removals? Start by making a list of affected packages. Then figure out which one would need complete removal and which ones need source changes to disable the ruby parts on ia64. Then run away screaming. Revisiting your previous suggestion about this ... Removal would be second best after making it work, IMO. If we know it doesn't work at all then there's no point shipping it. If it kinda sorta works but not completely, wheezy-ignore might make more sense. I would say it does kinda sorta works but not completely ... so maybe wheezy-ignore should be the case. Yes, it segfaults when building a single package on ia64, and will probably segfault in a specific point when running its own test suite¹, but apart from that, we don't have evidence suggesting that ruby1.9.1 is completely broken on ia64. ¹ test suite which is known to exercise the code in interesting and not always realistic ways. It would be nice to read reports from people actually using ruby1.9.1 on ia64, though. -- Antonio Terceiro terce...@debian.org signature.asc Description: Digital signature
Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784
Hi I've uploaded new packages to mentors. I'll be out until Monday, so feel free to review the patches and sponsor the new version if all you are confident it's all ok I think now it's fine , but if you find some other bug or improvement, I'll be happy to correct it. I'll insist next week upstream to include the last fix. El jue, 06-12-2012 a las 13:58 +0100, Andreas Tille escribió: Hi Alberto, thanks for your continuous work on this. As I said in my previous mail please remember to reopen the according bugs to make sure the previous solution will not migrate to testing. I'll volunteer to sponsor your new version if you confirm that this is needed to finally fix the issue. Kind regards Andreas. On Thu, Dec 06, 2012 at 01:49:07PM +0100, Alberto Fernández wrote: Hi All, I've prepared the patch with the problem pointed by David fixed (thanks David). It also fixes a bug related to wildcard certificates. The first patch is backported from httpclient 4.0 and apache synapse. This second patch backports some fixes from httpclient 4.2 The patch differ a lot from 4.x line for two reasons: first, the code arquitecture changes, second , I want to mantain the 3.1 api unchanged, so all methods are private and only apply to one class. The patch for axis and commons-httpclient is the same. In the function they create a SSLSocket, I've put the same routine to validate the hostname against certificate valid names. I'll upload the new patches in their place. Please review them and when ready I can upload a new package to mentors. Thanks -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695239: winetricks won't install alongside wine:i386
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 severity 695239 important reassign 695239 wine 1.4.1-1 retitle 695239 wine meta-package is not multiarch kthxbye Hi, this bug is in the wine metapackage rather than in winetricks. I also think it is not grave because what you did is not what the average user does. The wine:amd64 package will pull in i386 dependencies even if not specifically requested, so doing apt-get install wine rather than wine:i386 in the first place does the trick. Cheers, Nik - -- * mirabilos is handling my post-1990 smartphone * mirabilos Aaah, it vibrates! Wherefor art thou, daemonic device?? PGP fingerprint: 2086 9A4B E67D 1DCD FFF6 F6C1 59FC 8E1D 6F2A 8001 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) iQFOBAEBCAA4BQJQwN9YMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n cGctcG9saWN5LnR4dC5hc2MACgkQWfyOHW8qgAGwvAf9Fj6GczYhcnQlHFh5DIMW eTouf4FmdbzPmuaGmg0C+NPrIfHgyYLfJLvZxqJM4MNjHlugsVVt8RBz+RWuy9sy NJXrwh1X6YyA6p4ofDlrGBOKkN6xvyAGYDv8aC/Dvb9K+cPEUwOPmrx5Oti2+pph 186ZlKVgaw00Cz/wLOCpfH4g1bon/VljSpTD93FRYi5rXvOdsi3AhyMK8RHbx4yH g9BkGCb8V+SQXsx846d9H1iAzEdkwJfoFW1REyxduTMaCKtWO4wRCuAYudbyJlvv hAQEWjgu1DWLK2mtVQmlQatXnNyJCYeZtLpbA0z83WYKPTVP/j294HzdDtdwERHJ 8g== =vWMH -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695274: libparse-debian-packages-perl: Problem parsing stanzas with more than 1 multiline entry
Control: severity -1 important Hi Simon On Thu, Dec 06, 2012 at 03:11:27PM +0100, Simon Kainz wrote: Version: 0.03-1 Severity: grave Tags: upstream Justification: causes non-serious data loss Using libparse-debain-packages-perl, the following problem arises when parsing stanzas with more than 1 multiline entry: If a multiline entry is found, all lines of this entry are added to the result map under the key body. If a different multiline entry is processed later on, all multiline entries are added to the same map entry body, effectively mixing up content from different multiline fields. After discussion with Gregor and Ansgar from the pkg-perl Team, we agreed to downgrade this. Unless I have overseen something, this does not break for any of the Fields defined explicitly in Policy and relevant for the Packages files. Certaily should be fixed if possible for wheezy however. Regards, Salvatore signature.asc Description: Digital signature
Processed: Re: Bug#695274: libparse-debian-packages-perl: Problem parsing stanzas with more than 1 multiline entry
Processing control commands: severity -1 important Bug #695274 [libparse-debian-packages-perl] libparse-debian-packages-perl: Problem parsing stanzas with more than 1 multiline entry Severity set to 'important' from 'grave' -- 695274: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695274 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: winetricks won't install alongside wine:i386
Processing commands for cont...@bugs.debian.org: severity 695239 important Bug #695239 [winetricks] winetricks won't install alongside wine:i386 Severity set to 'important' from 'serious' reassign 695239 wine 1.4.1-1 Bug #695239 [winetricks] winetricks won't install alongside wine:i386 Bug reassigned from package 'winetricks' to 'wine'. No longer marked as found in versions winetricks/0.0+20121030+svn918-1. Ignoring request to alter fixed versions of bug #695239 to the same values previously set Bug #695239 [wine] winetricks won't install alongside wine:i386 Marked as found in versions wine/1.4.1-1. retitle 695239 wine meta-package is not multiarch Bug #695239 [wine] winetricks won't install alongside wine:i386 Changed Bug title to 'wine meta-package is not multiarch' from 'winetricks won't install alongside wine:i386' kthxbye Stopping processing here. Please contact me if you need assistance. -- 695239: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695239 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694368: marked as done (libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep ( 2.6))
Your message dated Thu, 6 Dec 2012 19:13:24 +0100 with message-id 20121206181324.ga2...@elende.valinor.li and subject line Re: Bug#694368: libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep ( 2.6) has caused the Debian Bug report #694368, regarding libfuzzy{2,-dev}: missing Breaks+Replaces: ssdeep ( 2.6) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694368: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694368 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libfuzzy2,libfuzzy-dev Version: 2.6-1 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Architecture: amd64 Distribution: squeeze-wheezy (partial) upgrade Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: Selecting previously deselected package ssdeep. (Reading database ... 6286 files and directories currently installed.) Unpacking ssdeep (from .../ssdeep_2.5-1_amd64.deb) ... Setting up ssdeep (2.5-1) ... Selecting previously deselected package libfuzzy2. (Reading database ... 6359 files and directories currently installed.) Unpacking libfuzzy2 (from .../libfuzzy2_2.7-1_amd64.deb) ... dpkg: error processing /var/cache/apt/archives/libfuzzy2_2.7-1_amd64.deb (--unpack): trying to overwrite '/usr/lib/libfuzzy.so.2.0.0', which is also in package ssdeep 2.5-1 Selecting previously deselected package libfuzzy-dev. Unpacking libfuzzy-dev (from .../libfuzzy-dev_2.7-1_amd64.deb) ... dpkg: error processing /var/cache/apt/archives/libfuzzy-dev_2.7-1_amd64.deb (--unpack): trying to overwrite '/usr/include/fuzzy.h', which is also in package ssdeep 2.5-1 This is a serious bug as it makes installation/upgrade fail, and violates sections 7.6.1 and 10.1 of the policy. As this problem can be demonstrated during partial upgrades from squeeze to wheezy (but not within squeeze or wheezy itself), this indicates a missing or insufficiently versioned Replaces+Breaks relationship. But since this particular upgrade ordering is not forbidden by any dependency relationship, it is possible that apt (or $PACKAGE_MANAGER) will use this erroneus path on squeeze-wheezy upgrades. Here is a list of files that are known to be shared by both packages (according to the Contents files for squeeze and wheezy on amd64, which may be slightly out of sync): usr/lib/libfuzzy.so.2 usr/lib/libfuzzy.so.2.0.0 usr/include/fuzzy.h usr/lib/libfuzzy.so The library was moved to a separate package recently: ssdeep (2.6-1) unstable; urgency=low * Split the libfuzzy library from the ssdeep package. The following relationships are currently defined: Package: libfuzzy2, libfuzzy-dev Conflicts: n/a Breaks:n/a Replaces: n/a The following relationships should be added for a clean takeover of these files (http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces): Package: libfuzzy2 Breaks: ssdeep ( 2.6) Replaces: ssdeep ( 2.6) Package: libfuzzy-dev Breaks: ssdeep ( 2.6) Replaces: ssdeep ( 2.6) Cheers, Andreas PS: for more information about the detection of file overwrite errors of this kind see http://edos.debian.net/file-overwrites/. ssdeep=2.5-1_libfuzzy2=2.7-1.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: ssdeep Source-Version: 2.7-2 Closing, as fixed in 2.7-2 (did the close wrong in mail before). Regards, Salvatore---End Message---
Bug#664895: Continued issues for forward
On Sat, April 7, 2012 17:22, Thijs Kinkhorst wrote: We'll have to investigate how to best fix this. I'm currently preparing a patch in cooperation with upstream. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695066: FTBFS
The package FTBFS in a clean environment: = gfortran seclf1.F make[4]: Leaving directory `/tmp/buildd/geant321-3.21.14.dfsg/build/geant321/matx55' cd /tmp/buildd/geant321-3.21.14.dfsg/lib ln -s ../src/geant321/data/xsneut95.dat xsneut95.dat /bin/sh: 1: cd: can't cd to /tmp/buildd/geant321-3.21.14.dfsg/lib make[3]: *** [/tmp/buildd/geant321-3.21.14.dfsg/lib/xsneut95.dat] Error 2 make[3]: *** Waiting for unfinished jobs gfortran seclf5.F gfortran seclf7.F gfortran seclf9.F gfortran stopar.F gfortran tbsplt.F gfortran thrmsc.F gfortran thrsel.F gfortran trebod.F gfortran twobod.F gfortran xsecn1.F gfortran xsecn2.F gfortran xsecn3.F gfortran xsecn5.F gfortran xsecnu.F make[4]: Leaving directory `/tmp/buildd/geant321-3.21.14.dfsg/build/geant321/neutron' make[3]: Leaving directory `/tmp/buildd/geant321-3.21.14.dfsg/build/geant321' make[2]: *** [cernlib-libraries] Error 2 make[2]: Leaving directory `/tmp/buildd/geant321-3.21.14.dfsg' make[1]: *** [stampdir/cernlib-arch-stamp] Error 2 make[1]: Leaving directory `/tmp/buildd/geant321-3.21.14.dfsg' make: *** [build-arch] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 = Anton -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784
Hi, On Thu, Dec 06, 2012 at 07:02:54PM +0100, Alberto Fernández wrote: Hi I've uploaded new packages to mentors. I'll be out until Monday, so feel free to review the patches and sponsor the new version if all you are confident it's all ok I admit I'm no Java programmer and I do not feel competent to serve as a reviewer for security relevant problems. So again: If the recently uploaded packages axis 1.4-16.1 commons-httpclient 3.1-10.1 remain a security risk we *definitely* need to reopen the bugs that were closed with the upload. This is needed for two reasons: 1. Keep a record in BTS about the remaining problem 2. Make sure release managers will accept only those packages that are closing RC bugs. Can you please confirm whether the security risk remains or whether there is just a bug that is not nice but no real security risk. I think now it's fine , but if you find some other bug or improvement, I'll be happy to correct it. I'll insist next week upstream to include the last fix. Its a good thing to convince upstream but for the moment the Debian release we need to decide what fix will make it into our release (the one just uploaded or your newly prepared patch). Thanks for your work on this Andreas. El jue, 06-12-2012 a las 13:58 +0100, Andreas Tille escribió: Hi Alberto, thanks for your continuous work on this. As I said in my previous mail please remember to reopen the according bugs to make sure the previous solution will not migrate to testing. I'll volunteer to sponsor your new version if you confirm that this is needed to finally fix the issue. Kind regards Andreas. On Thu, Dec 06, 2012 at 01:49:07PM +0100, Alberto Fernández wrote: Hi All, I've prepared the patch with the problem pointed by David fixed (thanks David). It also fixes a bug related to wildcard certificates. The first patch is backported from httpclient 4.0 and apache synapse. This second patch backports some fixes from httpclient 4.2 The patch differ a lot from 4.x line for two reasons: first, the code arquitecture changes, second , I want to mantain the 3.1 api unchanged, so all methods are private and only apply to one class. The patch for axis and commons-httpclient is the same. In the function they create a SSLSocket, I've put the same routine to validate the hostname against certificate valid names. I'll upload the new patches in their place. Please review them and when ready I can upload a new package to mentors. Thanks -- http://fam-tille.de -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669513: Removal of gnat-4.4 due to RC bug #669513
Tobias Hansen writes: since we have gnat-4.6 in wheezy and gnat-4.4 does not build anymore (see #669513), can gnat-4.4 be removed? Yes but maybe notify the maintainers of the sole package still depending on it, ghdl. This package is the reason I've refrained from asking for removal of gnat-4.4 sthus far. Thanks for your time and concern -- Ludovic Brenta. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#669513: Removal of gnat-4.4 due to RC bug #669513
Am 06.12.2012 20:44, schrieb Ludovic Brenta: Tobias Hansen writes: since we have gnat-4.6 in wheezy and gnat-4.4 does not build anymore (see #669513), can gnat-4.4 be removed? Yes but maybe notify the maintainers of the sole package still depending on it, ghdl. This package is the reason I've refrained from asking for removal of gnat-4.4 sthus far. Thanks for your time and concern Since you are a gnat-4.4 uploader, will you file the removal request? I will file a bug against ghdl. By the way, ghdl is not in wheezy anymore, only in unstable. Cheers, Tobias -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694868: kmymoney: After configuring reports in Polish, Save causes segfault and loss of user profile
On Sun, Dec 02, 2012 at 05:17:58PM +0600, Andrey Rahmatullin wrote: See also https://bugs.kde.org/show_bug.cgi?id=258974 and https://projects.kde.org/projects/extragear/office/kmymoney/repository/revisions/7019c148079fbb9ba3d1b8331c09d2c994215c91/diff/kmymoney/dialogs/kreportconfigurationfilterdlg.cpp So, I suppose the best workaround for now would be doing the same as this patch does, replacing All accounts with @item all accounts in the code (if it helps, of course). -- WBR, wRAR signature.asc Description: Digital signature
Bug#692650: Patches for CVE-2012-5783 and CVE-2012-5784
Hi I've reopened the two bugs. The first patch was incomplete, as pointed by David and by other bug i've found reviewing the code. The bug pointed by David can occur in some rare cases where the CA issues malformed certificates. It's rare, but there are may CA... The other bug it's about wildcard certificate validation. The first patch incorrect validates some cases. They're also rare cases of certificates of type *.xxx.com. Both are very rare cases, but I think they must be fixed before release. In outline, hosts name correctly validated: original - 0% (no validation at all) first patch - ¿99%? Never fails with valid certificates, block majority of invalid request. allow few rare cases which should be blocked second patch - 100%. I hope. Thanks for your patience -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694521: marked as done (libxml2: CVE-2012-5134)
Your message dated Thu, 06 Dec 2012 21:32:24 + with message-id e1tgj3q-0005up...@franck.debian.org and subject line Bug#694521: fixed in libxml2 2.7.8.dfsg-2+squeeze6 has caused the Debian Bug report #694521, regarding libxml2: CVE-2012-5134 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694521: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694521 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libxml2 Version: 2.6.32.dfsg-5+lenny3 Severity: grave Tags: security Justification: user security hole The following was discovered by the Google Chrome developers: http://googlechromereleases.blogspot.in/2012/11/stable-channel-update.html Fix: http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d Cheers, Moritz ---End Message--- ---BeginMessage--- Source: libxml2 Source-Version: 2.7.8.dfsg-2+squeeze6 We believe that the bug you reported is fixed in the latest version of libxml2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aron Xu a...@debian.org (supplier of updated libxml2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 28 Nov 2012 22:43:42 +0800 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source amd64 all Version: 2.7.8.dfsg-2+squeeze6 Distribution: stable-security Urgency: high Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org Changed-By: Aron Xu a...@debian.org Description: libxml2- GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Closes: 694521 Changes: libxml2 (2.7.8.dfsg-2+squeeze6) stable-security; urgency=high . [ Daniel Veillard ] * Fix potential out of bound access CVE-2012-5134, Closes: #694521. Checksums-Sha1: 60728adde0af07037674245e7fa32728927615e1 1846 libxml2_2.7.8.dfsg-2+squeeze6.dsc a07003d84f76e7a813001fbcce750159f13ed9b0 119400 libxml2_2.7.8.dfsg-2+squeeze6.diff.gz 38b8a065ac11f69bcffa3a8d96ad21f304142c20 873446 libxml2_2.7.8.dfsg-2+squeeze6_amd64.deb 7422403c730b4dda2622ae3d17077d9c80620b85 93810 libxml2-utils_2.7.8.dfsg-2+squeeze6_amd64.deb 6382c778d77fda5dce5d2b76cc011a43076c0471 830250 libxml2-dev_2.7.8.dfsg-2+squeeze6_amd64.deb 5be54bb3b3b71a3e86b39f12936956776614416c 990118 libxml2-dbg_2.7.8.dfsg-2+squeeze6_amd64.deb 3633df7c954040c39e9393bfe75fbdaf01ff0584 1344798 libxml2-doc_2.7.8.dfsg-2+squeeze6_all.deb 9a28305a2bdeed44e3b5e03d5aef6061ce2da8fe 338080 python-libxml2_2.7.8.dfsg-2+squeeze6_amd64.deb 3739b4c93135fa53974b54eac4721b2c96dd34d0 871470 python-libxml2-dbg_2.7.8.dfsg-2+squeeze6_amd64.deb Checksums-Sha256: dd81e0dfc6272ab042d190dc40ca25c93d2a76e14d8c1ac7bc3acfa4c0989161 1846 libxml2_2.7.8.dfsg-2+squeeze6.dsc 5dda8d0c9ebf4d7ac3f2aad2c6861069776e0c6fe1c1e16e05b141cf590d4d3e 119400 libxml2_2.7.8.dfsg-2+squeeze6.diff.gz dd797eef5b32bee580fc085059cd3c1d8b0cced91ce25a3989606b35bd147d9d 873446 libxml2_2.7.8.dfsg-2+squeeze6_amd64.deb 436f18ba4d7bb8124833dd28d97fb0facc31234e9a90943fd9665672c2ba176e 93810 libxml2-utils_2.7.8.dfsg-2+squeeze6_amd64.deb d1a4a89f7541f154373bef1e4c72cffb2b218b94f42c4774714347f285198e2a 830250 libxml2-dev_2.7.8.dfsg-2+squeeze6_amd64.deb 9c80d395800138b1c25dfbb179434e062517dfa6e2e3b332eb681b90975ddf67 990118 libxml2-dbg_2.7.8.dfsg-2+squeeze6_amd64.deb e7fef7ea9157dd0e8e752dbbf97d9b74965c66d65ab965c9976e68df99b8cf23 1344798 libxml2-doc_2.7.8.dfsg-2+squeeze6_all.deb 6e974e009954a58bde7c80ecf2df4f6a1e9bd0e496f027abd626df325ac61c8e 338080 python-libxml2_2.7.8.dfsg-2+squeeze6_amd64.deb b96196a273c5875106668cddb87f62da328c148d1373b76f0b4b8819cac5516a 871470 python-libxml2-dbg_2.7.8.dfsg-2+squeeze6_amd64.deb Files: 753f54d2c4f4e6af91533a25a9870c87 1846 libs optional
Bug#692130: marked as done (vlc: CVE-2012-5470)
Your message dated Thu, 06 Dec 2012 21:48:48 + with message-id e1tgjji-0002ft...@franck.debian.org and subject line Bug#692130: fixed in vlc 2.0.3-4 has caused the Debian Bug report #692130, regarding vlc: CVE-2012-5470 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 692130: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692130 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: vlc Severity: grave Tags: security Justification: user security hole Please see http://openwall.com/lists/oss-security/2012/10/24/3 Cheers, Moritz ---End Message--- ---BeginMessage--- Source: vlc Source-Version: 2.0.3-4 We believe that the bug you reported is fixed in the latest version of vlc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 692...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Benjamin Drung bdr...@debian.org (supplier of updated vlc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 06 Dec 2012 21:55:05 +0100 Source: vlc Binary: libvlc-dev libvlc5 libvlccore-dev libvlccore5 vlc vlc-data vlc-dbg vlc-nox vlc-plugin-fluidsynth vlc-plugin-jack vlc-plugin-notify vlc-plugin-pulse vlc-plugin-sdl vlc-plugin-svg vlc-plugin-zvbi Architecture: source amd64 all Version: 2.0.3-4 Distribution: testing Urgency: low Maintainer: Debian Multimedia Maintainers pkg-multimedia-maintain...@lists.alioth.debian.org Changed-By: Benjamin Drung bdr...@debian.org Description: libvlc-dev - development files for libvlc libvlc5- multimedia player and streamer library libvlccore-dev - development files for libvlccore libvlccore5 - base library for VLC and its modules vlc- multimedia player and streamer vlc-data - Common data for VLC vlc-dbg- debugging symbols for vlc vlc-nox- multimedia player and streamer (without X support) vlc-plugin-fluidsynth - FluidSynth plugin for VLC vlc-plugin-jack - Jack audio plugins for VLC vlc-plugin-notify - LibNotify plugin for VLC vlc-plugin-pulse - PulseAudio plugin for VLC vlc-plugin-sdl - SDL video and audio output plugin for VLC vlc-plugin-svg - SVG plugin for VLC vlc-plugin-zvbi - VBI teletext plugin for VLC Closes: 692130 Changes: vlc (2.0.3-4) testing; urgency=low . * SECURITY UPDATE: denial of service via crafted PNG file (Closes: #692130) - CVE-2012-5470 Checksums-Sha1: a244bafc51c83a51f8f2cab50087990d7fe4b3e5 4844 vlc_2.0.3-4.dsc fb092d2a54844ccecff8effa8abf8fd926948cc0 58849 vlc_2.0.3-4.debian.tar.gz 5b53f723c9f76da98eda8eed14b11ca83a311669 59484 libvlc-dev_2.0.3-4_amd64.deb 7df718dd42fc7392fceb1f055243534c489b0c04 39264 libvlc5_2.0.3-4_amd64.deb 5fa2043ad30a41aa6f5a61e4d2ae77bbcaf00d99 504596 libvlccore-dev_2.0.3-4_amd64.deb e18a6da841c8550b1090ea7e28879f0e3165b0c8 356468 libvlccore5_2.0.3-4_amd64.deb d98adbd171a998187105d9a5ee9dc5f5ff024163 1050612 vlc_2.0.3-4_amd64.deb 2ca4d89968e5bb5d2e3cc4a4a89230c86ac72eff 5104920 vlc-data_2.0.3-4_all.deb de77495eebf061822c070823dc93fdca9985696a 13273302 vlc-dbg_2.0.3-4_amd64.deb d2642ebb50503d92b0bfabdb28eb74a541b714b9 2550258 vlc-nox_2.0.3-4_amd64.deb 3cfdb6aa01b1f941de5a77c49bafb4f7ae47692f 5468 vlc-plugin-fluidsynth_2.0.3-4_amd64.deb f2cde8430e69c45163199ed940473413cd1a5d1c 10476 vlc-plugin-jack_2.0.3-4_amd64.deb b7fd73efcaa5887aee4ba21efcdf2473ac76e792 5608 vlc-plugin-notify_2.0.3-4_amd64.deb 47a414a7e5a9c2d5baced95ae7200274dceac7a3 16680 vlc-plugin-pulse_2.0.3-4_amd64.deb 94f45d6e8c831f2b06b0e515fd4205030893 8088 vlc-plugin-sdl_2.0.3-4_amd64.deb 9d915cf99fea70f70a08859bdca2fc0a83f2cd04 6292 vlc-plugin-svg_2.0.3-4_amd64.deb ff0a037c59ab6ac6dfcd10de91f1db4fcfe9cea3 8018 vlc-plugin-zvbi_2.0.3-4_amd64.deb Checksums-Sha256: e3dac665dfde3fd679958de066146fc360ece159f6c7707c2fab07081fc4b5ce 4844 vlc_2.0.3-4.dsc f4102cc7ab5560fa147e61b5c62c1030d8ded7ec27c752c83793a0ab6d08c46d 58849 vlc_2.0.3-4.debian.tar.gz cab38b1a8e916d31118afc579940b31199e1a9f68d29094b34908f6755f0465e 59484 libvlc-dev_2.0.3-4_amd64.deb 9c6dad68c48f8461b2a94bd01d6810e816e572c67a79371df3e531450dfbd87c 39264 libvlc5_2.0.3-4_amd64.deb
Bug#695248: marked as done (mesa: CVE-2012-5129)
Your message dated Thu, 6 Dec 2012 22:56:07 +0100 with message-id 20121206215607.gx5...@radis.cristau.org and subject line Re: Bug#695248: mesa: CVE-2012-5129 has caused the Debian Bug report #695248, regarding mesa: CVE-2012-5129 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 695248: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695248 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: mesa Severity: grave Tags: security Justification: user security hole This issue affects mesa: http://googlechromereleases.blogspot.de/2012/11/stable-update-for-chrome-os_30.html Proposed patch: http://www.mail-archive.com/mesa-dev@lists.freedesktop.org/msg29015.html I don't see the vulnerable code in Squeeze, so I marked it not-affected in the Security Tracker. Cheers, Moritz ---End Message--- ---BeginMessage--- Version: 8.0.5-3 On Thu, Dec 6, 2012 at 08:37:05 +0100, Moritz Muehlenhoff wrote: Package: mesa Severity: grave Tags: security Justification: user security hole This issue affects mesa: http://googlechromereleases.blogspot.de/2012/11/stable-update-for-chrome-os_30.html Proposed patch: http://www.mail-archive.com/mesa-dev@lists.freedesktop.org/msg29015.html Applied, and uploaded. Silly me forgot to close the bug in the changelog. Cheers, Julien signature.asc Description: Digital signature ---End Message---
Processed: tagging: #683010 just in Wheezy and Sid, not Squeeze
Processing commands for cont...@bugs.debian.org: tag 683010 - squeeze-ignore + wheezy sid Bug #683010 [src:evolvotron] FTBFS on ia64: one or more PCH files were found, but they were invalid Removed tag(s) squeeze-ignore. Bug #683010 [src:evolvotron] FTBFS on ia64: one or more PCH files were found, but they were invalid Added tag(s) sid and wheezy. kthxbye Stopping processing here. Please contact me if you need assistance. -- 683010: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683010 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#683010: marked as done (FTBFS on ia64: one or more PCH files were found, but they were invalid)
Your message dated Thu, 06 Dec 2012 22:32:30 + with message-id e1tgjza-0006ka...@franck.debian.org and subject line Bug#683010: fixed in evolvotron 0.6.2-1 has caused the Debian Bug report #683010, regarding FTBFS on ia64: one or more PCH files were found, but they were invalid to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683010: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683010 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: evolvotron Version: 0.6.1-2 Severity: serious Justification: fails to build from source evolvotron fails to build from source on ia64, but built in the past: make[2]: Entering directory `/build/buildd-evolvotron_0.6.1-2-ia64-3XMEtF/evolvotron-0.6.1/libfunction' make[2]: Nothing to be done for `first'. make[2]: Leaving directory `/build/buildd-evolvotron_0.6.1-2-ia64-3XMEtF/evolvotron-0.6.1/libfunction' cd libevolvotron/ /usr/bin/make -f Makefile make[2]: Entering directory `/build/buildd-evolvotron_0.6.1-2-ia64-3XMEtF/evolvotron-0.6.1/libevolvotron' g++ -c -include evolvotron -pipe -O2 -DEVOLVOTRON_VERSION=0.6.1 -DEVOLVOTRON_BUILD=0.6.1 (Build options: Release) -DNDEBUG -DQT_NO_ASCII_CAST -pthread -DBOOST_SP_USE_PTHREADS -fPIC -D_REENTRANT -Wall -W -DPLATFORM_LINUX -DQT_NO_DEBUG -DQT_XML_LIB -DQT_GUI_LIB -DQT_CORE_LIB -DQT_SHARED -I/usr/share/qt4/mkspecs/linux-g++ -I. -I/usr/include/qt4/QtCore -I/usr/include/qt4/QtGui -I/usr/include/qt4/QtXml -I/usr/include/qt4 -I../libfunction -Imoc -o dialog_help.o dialog_help.cpp cc1plus: error: one or more PCH files were found, but they were invalid cc1plus: error: use -Winvalid-pch for more information cc1plus: fatal error: evolvotron: No such file or directory compilation terminated. make[2]: *** [dialog_help.o] Error 1 make[2]: Leaving directory `/build/buildd-evolvotron_0.6.1-2-ia64-3XMEtF/evolvotron-0.6.1/libevolvotron' make[1]: *** [sub-libevolvotron-make_default] Error 2 make: *** [build-stamp] Error 2 make[1]: Leaving directory `/build/buildd-evolvotron_0.6.1-2-ia64-3XMEtF/evolvotron-0.6.1' https://buildd.debian.org/status/fetch.php?pkg=evolvotronarch=ia64ver=0.6.1-2stamp=1336572050 ---End Message--- ---BeginMessage--- Source: evolvotron Source-Version: 0.6.2-1 We believe that the bug you reported is fixed in the latest version of evolvotron, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 683...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Axel Beckert a...@debian.org (supplier of updated evolvotron package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 06 Dec 2012 21:45:31 +0100 Source: evolvotron Binary: evolvotron Architecture: source amd64 Version: 0.6.2-1 Distribution: unstable Urgency: low Maintainer: Axel Beckert a...@debian.org Changed-By: Axel Beckert a...@debian.org Description: evolvotron - Generator of textures through interactive evolution Closes: 683010 691820 Changes: evolvotron (0.6.2-1) unstable; urgency=low . * New upstream release + Add new build-dependency on libboost-program-options-dev + Drop patch fix-typo; fixed upstream + CHANGES renamed to NEWS: update debian/rules * Adopt the package (Closes: #691820) * Add Vcs-* headers * debian/rules cleanup: + Use dh_auto_clean + Use debian/clean instead of manual rm + Remove some blank lines + Replace target config.status (which doesn't get built by the non-autotools configure script) by Makefile. This prevents multiple build runs and makes evolvotron building again on ia64. (Closes: #683010) * Support hardening build flags + Remove old DEB_BUILD_OPTIONS parsing + Patch configure to no more call qmake directly + Use dh_auto_configure and dh_auto_build + Pass CPPFLAGS in CXXFLAGS and CFLAGS as qmake seems to ignore CPPFLAGS + Rebuild binaries with proper build flags as qmake doesn't seem to pass all of them properly everywhere + Add build-dependency on dpkg-dev (= 1.16.1~) * Add patch to fix some misspellings found by lintian. * Update years and package maintainers in debian/copyright * Apply wrap-and-sort
Bug#695216: agda-stdlib: Package does not contain Data.FFI haskell module needed for compilation
Control: severity -1 important On Wed, Dec 05, 2012 at 07:07:24PM +0400, Vladimir Lysikov wrote: Severity: grave Justification: renders package unusable The package has uses beyond compilation. Data.FFI module is contained in ffi subdirectory of source tarball. It is needed for compilation using MAlonzo backend, but isn't provided by agda-stdlib or any related package. I cannot say anything about MAlonzo compilation, but this clearly does not qualify as grave. The package is usable for type checking as is. Helmut -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: agda-stdlib: Package does not contain Data.FFI haskell module needed for compilation
Processing control commands: severity -1 important Bug #695216 [agda-stdlib] agda-stdlib: Package does not contain Data.FFI haskell module needed for compilation Severity set to 'important' from 'grave' -- 695216: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695216 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 693288, tagging 690130
Processing commands for cont...@bugs.debian.org: tags 693288 + wheezy-ignore squeeze-ignore Bug #693288 [src:jsxgraph] src:jsxgraph: maintainer address bounces Added tag(s) squeeze-ignore and wheezy-ignore. # bouncing mail addresses are not relevant for releases, they need to be fixed in sid, though and are hence of RC severity tags 690130 + wheezy-ignore squeeze-ignore Bug #690130 [src:tryton-modules-account-statement] tryton: maintainer address still bounces Added tag(s) squeeze-ignore and wheezy-ignore. thanks Stopping processing here. Please contact me if you need assistance. -- 690130: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690130 693288: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693288 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: Re: libphone-utils0: harmful postrm purge action in M-A:same package
Processing commands for cont...@bugs.debian.org: tags 695272 + patch Bug #695272 [libphone-utils0] libphone-utils0: harmful postrm purge action in M-A:same package Added tag(s) patch. kthxbye Stopping processing here. Please contact me if you need assistance. -- 695272: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695272 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#645133: simile-timeline: source package should use proper source
Hi, Michael Stapelberg stapelb...@debian.org writes: Unfortunately, the upload is broken currently due to me canceling it and dcut being stalled for some reason. Anyway, I will upload this package ASAP (hopefully within the next few days). This is now uploaded to DELAYED/5. -- Best regards, Michael -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 694295
Processing commands for cont...@bugs.debian.org: tags 694295 + pending Bug #694295 [libspeechd-dev] libspeechd-dev: missing Breaks+Replaces: speech-dispatcher ( 0.7.1-6) Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 694295: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694295 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#676424: Bug#454778: emacsen-common: load-path order vs debian-run-directories
Rob Browning r...@defaultvalue.org writes: # The version-specific site-lisp dir, say emacs/21.1/site-lisp, needs # to be in share/FLAVOR so that as we upgrade from 21.1 to 21.2, # etc., add-on package bits don't get left behind. Hmm. I suppose if an add-on is removed by a flavour upgrade and that remove fails for some reason then bits are left behind in what's now an old directory. The symlink was added originally b/c without it, we ended up with a lot of dangling X.Y directories. Are the X.Y bits all unused by debian add-ons now? Or at least are supposed to be unused. If so then I suppose it wouldn't matter what the X.Y/site-lisp is or is not! :-) -- if that made an empty directory there tempting. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694295: Anybody up for caring about #694295
Hello, I'm having a look and committing things in the git repository, thanks for the heads-up. Samuel -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#694295: marked as done (libspeechd-dev: missing Breaks+Replaces: speech-dispatcher ( 0.7.1-6))
Your message dated Fri, 07 Dec 2012 01:32:34 + with message-id e1tgmnq-0006mk...@franck.debian.org and subject line Bug#694295: fixed in speech-dispatcher 0.7.1-6.2 has caused the Debian Bug report #694295, regarding libspeechd-dev: missing Breaks+Replaces: speech-dispatcher ( 0.7.1-6) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694295: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694295 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: libspeechd-dev Version: 0.7.1-6 Severity: serious User: trei...@debian.org Usertags: edos-file-overwrite Architecture: amd64 Distribution: squeeze-wheezy (partial) upgrade Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the following problem: Selecting previously deselected package speech-dispatcher. Unpacking speech-dispatcher (from .../speech-dispatcher_0.7-6.1_amd64.deb) ... Setting up speech-dispatcher (0.7-6.1) ... Selecting previously deselected package libspeechd-dev. Unpacking libspeechd-dev (from .../libspeechd-dev_0.7.1-6.1_amd64.deb) ... dpkg: error processing /var/cache/apt/archives/libspeechd-dev_0.7.1-6.1_amd64.deb (--unpack): trying to overwrite '/usr/lib/speech-dispatcher/libsdaudio.a', which is also in package speech-dispatcher 0.7-6.1 This is a serious bug as it makes installation/upgrade fail, and violates sections 7.6.1 and 10.1 of the policy. As this problem can be demonstrated during partial upgrades from squeeze to wheezy (but not within squeeze or wheezy itself), this indicates a missing or insufficiently versioned Replaces+Breaks relationship. But since this particular upgrade ordering is not forbidden by any dependency relationship, it is possible that apt (or $PACKAGE_MANAGER) will use this erroneus path on squeeze-wheezy upgrades. Here is a list of files that are known to be shared by both packages (according to the Contents files for squeeze and wheezy on amd64, which may be slightly out of sync): usr/lib/speech-dispatcher/libsdaudio.a usr/lib/speech-dispatcher/libsdaudio.so These files were moved to the -dev package recently: speech-dispatcher (0.7.1-6) unstable; urgency=low * Move libsdaudio.{a,so} files to the development package. The following relationships are currently defined: Package: libspeechd-dev Conflicts: n/a Breaks:n/a Replaces: n/a The following relationships should be added for a clean takeover of these files (http://www.debian.org/doc/debian-policy/ch-relationships.html#s-replaces): Package: libspeechd-dev Breaks: speech-dispatcher ( 0.7.1-6) Replaces: speech-dispatcher ( 0.7.1-6) Cheers, Andreas PS: for more information about the detection of file overwrite errors of this kind see http://edos.debian.net/file-overwrites/. speech-dispatcher=0.7-6.1_libspeechd-dev=0.7.1-6.1.log.gz Description: GNU Zip compressed data ---End Message--- ---BeginMessage--- Source: speech-dispatcher Source-Version: 0.7.1-6.2 We believe that the bug you reported is fixed in the latest version of speech-dispatcher, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Samuel Thibault sthiba...@debian.org (supplier of updated speech-dispatcher package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 07 Dec 2012 01:28:18 +0100 Source: speech-dispatcher Binary: speech-dispatcher libspeechd2 libspeechd-dev cl-speech-dispatcher python-speechd speech-dispatcher-festival speech-dispatcher-doc-cs speech-dispatcher-dbg Architecture: source all amd64 Version: 0.7.1-6.2 Distribution: unstable Urgency: low Maintainer: Boris Dušek du...@brailcom.org Changed-By: Samuel Thibault sthiba...@debian.org Description: cl-speech-dispatcher - Common Lisp interface to Speech Dispatcher libspeechd-dev - Speech Dispatcher: Development libraries and header files libspeechd2 - Speech Dispatcher: Shared libraries python-speechd - Python interface to Speech Dispatcher speech-dispatcher - Common interface to speech synthesizers
Bug#677650: Here's a patch that APPEARS to work
I don't know Ruby AT ALL, but I did a bit of googling and this appears to make unhide.rb work with 1.9: --- unhide.rb.orig 2012-12-06 23:53:57.0 -0500 +++ unhide.rb 2012-12-06 23:52:51.0 -0500 @@ -29,7 +29,11 @@ # Support for libc functions not covered by the standard Ruby # libraries module LibC - extend DL::Importable + if RUBY_VERSION =~ /^1\.8/ +extend DL::Importable + else +extend DL::Importer + end dlload libc.so.6 # PID scanning functions @@ -147,7 +151,7 @@ $ps_pids[pid] }], - [/proc, proc { |pid| + [/proc, lambda { |pid| # Is there a /proc entry for this pid? unless File.directory?(/proc/#{pid}) break The first hunk changes from DL::Importable to DL::Importer on versions above 1.8. Since the only method actually used is extern(), and the only change in 1.9 is addition optional flags, that's all the change yo need. Patch stolen from https://github.com/mwotton/Hubris/commit/84515473e079e36f799b8210b424d61b7248798a The second hunk deals with what appears to be a core change between 1.8 and 1.9. In 1.8, proc was an alias for lambda. In 1.9, there's a difference: lambda creates a new function scope (which things like break and return can jump to), while proc does not (so break and return try to return from the caller's scope) Explained at: http://www.skorks.com/2010/05/ruby-procs-and-lambdas-and-the-difference-between-them/#difference http://stackoverflow.com/questions/626/when-to-use-lambda-when-to-use-proc-new http://railspikes.com/2008/9/8/lambda-in-ruby-1-9 The other methods don't use break or return, so there's no need to change them. (I presume proc has somewhat less overhead.) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Processed: tagging 695250
Processing commands for cont...@bugs.debian.org: tags 695250 + pending Bug #695250 [tomcat6] tomcat6: CVE-2012-4534 CVE-2012-4431 CVE-2012-3546 Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 695250: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695250 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#695250: tomcat6: CVE-2012-4534 CVE-2012-4431 CVE-2012-3546
On 12/05/2012 11:43 PM, Moritz Muehlenhoff wrote: Package: tomcat6 Severity: grave Tags: security Justification: user security hole More Tomcat security issues have been disclosed: http://tomcat.apache.org/security-6.html The page contains links to the upstream fixes. BTW, is there a specific reason why both tomcat6 and tomcat7 are present in Wheezy? This will duplicate all efforts for security updates in Wheezy. Hi Moritz, I have an updated package that includes the patches for these 3 CVEs and am doing some smoke-testing now. But before I upload, I have a question about what is permissible to include in the upload. I'd like to rename the patches that were included in the 6.0.35-5+nmu1 upload so they follow the same naming convention as the other patches in the package and include the origin patch header. (As you point out, after all, we'll be supporting this package for a long time to come.) Also, I'd like to quilt refresh the patches in the package, as they're getting a bit fuzzy. So, no substantive or real packaging changes, but the interdiff will be a bit larger. Is that okay, or should I upload with only the new patches for the CVEs applied? Regarding tomcat6 and tomcat7, although they are certainly related, they implement different versions of the servlet and JSP specifications [1], and there are a number still organizations running applications developed for/tested on tomcat6 in production. There is a migration guide for going from 6.x to 7.x that must be taken into consideration [2]. But specifically for Debian, there are still a number of packages in wheezy that depend explicitly on tomcat6 and/or libservlet2.5-java. According to popcon, tomcat6 is about 5x more popular than tomcat7, and libservlet2.5 is quite popular indeed [3,4]. Thank you, tony [1] http://tomcat.apache.org/whichversion.html [2] http://tomcat.apache.org/migration-7.html [3] http://qa.debian.org/popcon.php?package=tomcat6 [4] http://qa.debian.org/popcon.php?package=tomcat7 signature.asc Description: OpenPGP digital signature